ssh tunnel refusing connections with "channel 2: open failed"

Solution 1:

Problem solved:

$ ssh -L 7000:127.0.0.1:7000 user@host -N -v -v

...apparently, 'localhost' was not liked by the remote host. Yet, remote /etc/hosts contains:

::1                     localhost localhost.
127.0.0.1               localhost localhost.

while the local network interface is

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33184
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2

Sigh. so much for the bounty of 100rp I put on :)

Solution 2:

Although OP's problem has already been solved, I decided to share the solution for my problem, because I got the same error message from ssh and I didn't find any solution on other sites.

In my case I had to connect to the service which listens only on IPv6. I tried:

ssh -f [email protected] -L 51005:127.0.0.1:51005 -N
ssh -f [email protected] -L 51005:localhost:51005 -N

and a few other ways but it didn't work. Any try of connection to http://localhost:51005 causes errors like this: channel 2: open failed: connect failed: Connection refused

The solution is:

ssh -f [email protected] -L 51005:[::1]:51005 -N

IPv6 address must be in square brackets.

Solution 3:

I would first try this.

$ ssh -L 7000:127.0.0.1:7000 user@host -N -v -v

You can use "-v" up to 3 times to increase verbosity.

I think this error message can arise if a firewall blocks port 7000, but you had already ruled that out. (If later readers haven't ruled that out, look at the output of netstat --numeric-ports.)

I think I might have seen this error message a long time ago, when ssh first became aware of IPV6 addresses following an update. I could be wrong about that. If you feel like experimenting, you can try the IPV6 loopback address "0:0:0:0:0:0:0:1" (or "::1").