When I open this ssh tunnel:
ssh -nXNT -p 22 localhost -L 0.0.0.0:8984:remote:8983
I get this error when trying to access the HTTP server running on localhost:8984:
channel 1: open failed: administratively prohibited: open failed
What does this error mean, and on which machine can you fix the problem?
Best Answer
The above message refers to your SSH server rejecting your SSH client's request to open a side channel. This typically comes from -D, -L or -w, as separate channels in the SSH stream are required to ferry the forwarded data across.

Since you are using -L (also applicable to -D), there are two options in question that are causing your SSH server to reject this request:

AllowTcpForwarding (as Steve Buzonas mentioned)
PermitOpen

These options can be found in /etc/ssh/sshd_config. You should ensure that:

AllowTcpForwarding is either not present, is commented out, or is set to yes
PermitOpen is either not present, is commented out, or is set to any [1]

Additionally, if you are using an SSH key to connect, you should check that the entry corresponding to your SSH key in ~/.ssh/authorized_keys does not have no-port-forwarding or permitopen statements [2].

Not relevant to your particular command, but somewhat relevant to this topic as well, is the PermitTunnel option if you're attempting to use the -w option.

[1] Full syntax in the sshd_config(5) manpage.
[2] Full syntax in the authorized_keys(5) manpage.
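
The checks listed in this answer, written as a shell script (an added example, not part of the original answer). The function names and sample files are constructed for illustration; the script reads only the global section of a single sshd_config file, and it goes slightly beyond the answer by also accepting AllowTcpForwarding local, which sshd_config(5) documents as still permitting local forwards.

```shell
#!/bin/sh
# Added example, not from the original answer. Reads one sshd_config file only
# (no Include, no Match blocks); `sshd -T` on the server prints effective values.

# sshd_value FILE KEYWORD: first value set for KEYWORD in the global section.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == tolower(key) {         # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; exit   # first occurrence wins
        }' "$1"
}

# check_sshd FILE: print each setting that would refuse an -L or -D channel.
check_sshd() {
    v=$(sshd_value "$1" AllowTcpForwarding)
    case "$(printf %s "$v" | tr '[:upper:]' '[:lower:]')" in
        ''|yes|all|local) ;;                  # "local" still permits -L and -D
        *) echo "AllowTcpForwarding $v" ;;
    esac
    v=$(sshd_value "$1" PermitOpen)
    case "$(printf %s "$v" | tr '[:upper:]' '[:lower:]')" in
        ''|any) ;;
        *) echo "PermitOpen $v" ;;
    esac
}

# check_keys FILE: print "LINE: option" for key entries that restrict forwarding.
check_keys() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            opts = tolower($0)
            sub(/(ssh|ecdsa|sk)-[^ \t]+[ \t]+aaaa.*/, "", opts)  # drop key type, blob, comment
            if (opts ~ /(^|,)no-port-forwarding/) print NR ": no-port-forwarding"
            if (opts ~ /(^|,)permitopen=/)        print NR ": permitopen"
        }' "$1"
}

# Constructed sample files (placeholders, not real keys or a real server config).
d=$(mktemp -d)
printf '%s\n' '#AllowTcpForwarding yes' 'allowtcpforwarding no' \
    'PermitOpen 127.0.0.1:5432' 'Match User dev' '  AllowTcpForwarding yes' > "$d/sshd_config"
printf '%s\n' 'ssh-ed25519 AAAAC3placeholder alice@laptop' \
    'no-port-forwarding,no-pty ssh-ed25519 AAAAC3placeholder backup@host' \
    'command="/bin/true",permitopen="localhost:80" ssh-rsa AAAAB3placeholder ci' > "$d/authorized_keys"
check_sshd "$d/sshd_config"
check_keys "$d/authorized_keys"
```

An empty result from both functions means none of the settings named in the answer is blocking the forward in the files that were checked.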