Ssh – What do the channel numbers in ssh error message refer to

opensshsshssh-tunnelingsshd

In the example below what do the channel numbers correspond to? Which are on the server? Which are on the client?

  $ ssh -L1570:127.0.0.1:8899 root@thehost
    Password:
    Last login: Fri Aug  9 13:08:44 2013 from theclientip
    Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
    You have new mail.
    # channel 2: open failed: administratively prohibited: open failed
    channel 3: open failed: administratively prohibited: open failed
    channel 2: open failed: administratively prohibited: open failed

The ssh client is running on Windows 7 and the server has a Tomcat server running on port 8899.

Tomcat is not listening on 127.0.0.1 on the remote machine so if I change the command to ssh -L1570:thehostpublicip:8899 root@thehost the port forward works. So I know that port forwarding seems to be working just fine on the server.

my sshd config file contains the following two lines:

# Port forwarding
AllowTcpForwarding yes

# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
# This allows the local port forwarding to work when connections are received
# from any remote host.
GatewayPorts yes

I'm trying to setup port forwarding for another process not Tomcat and I get the error messages similar to the stuff above so I'm trying to understand the meaning of the error messages.

Best Answer

From the SSH Protocol documentation, regarding channels:

All terminal sessions, forwarded connections, etc., are channels. Either side may open a channel. Multiple channels are multiplexed into a single connection.

Channels are identified by numbers at each end. The number referring to a channel may be different on each side. Requests to open a channel contain the sender's channel number. Any other channel related messages contain the recipient's channel number for the channel.

Channels are flow-controlled. No data may be sent to a channel until a message is received to indicate that window space is available.

Port forwarding

The command you have looks fine. Are you sure that the service you're trying to connect to is up and accepting connections? The channel errors would seem to indicate that it's not.

What are my active channels?

If you have an active ssh connection you can use the following key combination to get help:

Shift+~ followed by Shift+?

$ ~?
Supported escape sequences:
  ~.  - terminate connection (and any multiplexed sessions)
  ~B  - send a BREAK to the remote system
  ~C  - open a command line
  ~R  - Request rekey (SSH protocol 2 only)
  ~^Z - suspend ssh
  ~#  - list forwarded connections
  ~&  - background ssh (when waiting for connections to terminate)
  ~?  - this message
  ~~  - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)
debug2: channel 2: written 480 to efd 8

You can then use this key combination to get a list of the active channels:

Shift+~ followed by Shift+#

$ ~#
The following connections are open:
  #2 client-session (t4 r0 i0/0 o0/0 fd 6/7 cc -1)
debug2: channel 2: written 93 to efd 8
Related Question