Re: port forwarding

From: Richard E. Silverman (
Date: 04/22/04

Date: 21 Apr 2004 21:59:43 -0400

>>>>> "Bob" == Bob <> writes:

    Bob> Why does 'ssh -N -l root -L 110: root@gw' work
    Bob> but 'ssh -N -l root -L 110:gw:110 root@gw' gives an: channel 2:
    Bob> open failed: administratively prohibited: open failed error?

This indicates that the SSH server declined the direct-tcpip channel the
client requested in response to the connection to the locally forwarded
port. Since a forwarding with a different destination does work, they
must be filtered on the server. You don't say what the SSH server
software is. If it's OpenSSH, this means you must be using publickey
authentication and there's a permitopen restriction on the key.

  Richard Silverman

Relevant Pages

  • Re: newbie question on port forwarding(and ssh, netcat)
    ... Divide the problem into two parts: the simplest way to check port ... from your laptop try ssh. ... as the ssh server treats different interfaces separately. ... The long-term solution is to disable passwords and use public-private ...
  • Re: sendmail log question?
    ... it was the latest FC8 update. ... kiddiez and 'bots that know that SSH servers only exist on port 22. ... firewall to temporarily open some other port (where the SSH server is ... This is much less common today, ...
  • Re: Remote Control PC behind broadband router?
    ... You could run the SSH server on the XP box or some LINUX ... Otherwise you can also port forward more than one port through your router ... you really need to check with your office network ...
  • Re: Do I need a VPN?
    ... across a 3G connection. ... Run an SSH server on your local PC - OpenSSH in your case, ... Perhaps put it on port 443 in case the provider blocks SSH etc. ... Schedule an outbound connect to your SSH server on the remote PC. ...
  • Re: SSHD: Limit login attempt rate
    ... to only allow three authentication attempts per connection, ... sure of is that you must only run an SSH server on port 22. ... connection attempts, and can then open what-ever port you have hidden ...