Channel 1: open failed: administratively prohibited: open failed with SSH tunneling

I am trying ssh tunneling and I open ssh tunnel using:

ssh user@serverA -L 5900:127.0.0.1:5900

Then I opened my VNC client and typed ‘127.0.0.1:5900’ but it said connection failed. On the server I see:

channel 1: open failed: administratively prohibited: open failed
channel 1: open failed: administratively prohibited: open failed
channel 1: open failed: administratively prohibited: open failed
channel 1: open failed: administratively prohibited: open failed
channel 1: open failed: administratively prohibited: open failed

What does this error mean on a Linux server? How do I fix it?

The error message means your OpenSSH server (SSHD) is rejecting your ssh client’s request to open a side channel and TCP port forwarding. Here is how to fix it:

1. Settings you need to enable on Linux SSHD server

Make sure the following settings are enabled as follows:

  • TCPKeepAlive - Specifies whether the system should send TCP keepalive messages to the other side.
  • AllowTCPForwarding - This option must be enabled on the server to allow port forwarding.
  • PermitOpen - Specifies the destinations to which TCP port forwarding is permitted.

2. How to find current settings

Run the following command on your Linux or Unix SSHD server:

sudo sshd -T | grep -Ei 'TCPKeepAlive|AllowTCPForwarding|PermitOpen'

Correct values:

tcpkeepalive yes
allowtcpforwarding yes
permitopen any

3. How to set up correct values

Edit /etc/ssh/sshd_config and set up the following values:

tcpkeepalive yes
allowtcpforwarding yes
permitopen any

3.1 Reload sshd:

systemctl reload sshd.service

See
https://www.cyberciti.biz/faq/how-do-i-restart-sshd-daemon-on-linux-or-unix/

Make sure a localhost entry is set up in /etc/hosts:

grep -i localhost /etc/hosts

Here is a sample entry:

127.0.0.1	localhost.localdomain localhost
::1		localhost localhost.localdomain

4. Test it

Log out and log in again:

ssh user@serverA -L 5900:127.0.0.1:5900

It should work now.

Make sure you read the sshd_config(5) man page, “sshd_config(5) - OpenBSD manual pages” and “OpenSSH: Manual Pages”:

man 5 sshd_config
man 5 ssh_config
man ssh
man sshd
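
Added example, not part of the original answer: a small shell function that reads `sshd -T` output and says which of the settings above would cause "administratively prohibited" for a given -L destination. It goes slightly beyond the answer by also handling a scoped PermitOpen list and DisableForwarding; the function name and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): reads `sshd -T` output on stdin and
# reports whether "ssh -L <lport>:HOST:PORT" would be accepted by that server.
# Function name and sample configs are constructed for illustration.
check_local_forward() (          # subshell body keeps `set -f` local
    want_host=$1 want_port=$2
    fwd=yes permit=any disable=no            # OpenSSH defaults if a key is absent
    set -f                                   # no globbing on "*" in permitopen
    while read -r key value; do
        case $key in
            allowtcpforwarding) fwd=$value ;;
            permitopen)         permit=$value ;;
            disableforwarding)  disable=$value ;;
        esac
    done
    if [ "$disable" = yes ]; then
        echo "blocked: disableforwarding yes"; return 1
    fi
    case $fwd in
        yes|all|local) ;;                    # these values permit -L forwards
        *) echo "blocked: allowtcpforwarding $fwd"; return 1 ;;
    esac
    case $permit in
        any)  echo "allowed"; return 0 ;;
        none) echo "blocked: permitopen none"; return 1 ;;
    esac
    for entry in $permit; do                 # entries: host:port or [v6]:port
        host=${entry%:*} port=${entry##*:}
        host=${host#\[}; host=${host%\]}
        # sshd compares the requested host as a literal string (no DNS lookup)
        if { [ "$host" = "*" ] || [ "$host" = "$want_host" ]; } &&
           { [ "$port" = "*" ] || [ "$port" = "$want_port" ]; }; then
            echo "allowed"; return 0
        fi
    done
    echo "blocked: permitopen does not list $want_host:$want_port"; return 1
)

# Constructed samples of `sshd -T` output.
OPEN_CFG='allowtcpforwarding yes
permitopen any'
SCOPED_CFG='allowtcpforwarding local
permitopen localhost:5900 10.0.0.5:*'

printf '%s\n' "$OPEN_CFG"   | check_local_forward 127.0.0.1 5900 || true
printf '%s\n' "$SCOPED_CFG" | check_local_forward 127.0.0.1 5900 || true
# On a real server: sudo sshd -T | check_local_forward 127.0.0.1 5900
```

With the scoped sample, a tunnel to 127.0.0.1:5900 is refused while localhost:5900 is accepted, because the PermitOpen entry has to match the host exactly as the client requests it.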

That did the trick. Rest was already set up. <3