How to solve the "open failed: administratively prohibited: open failed" error when using an SSH tunnel proxy

I've been using an SSH tunnel for a while on Windows (using PuTTY).

On Windows with PuTTY, it is always fine, but on Mac or Cygwin, it sometimes prompts the warning message:

open failed: administratively prohibited: open failed


Solution 1:

I believe you have disabled TCP forwarding on the server. In your server's /etc/ssh/sshd_config, make sure that the following line is either not present or commented out; otherwise, comment it out.

AllowTcpForwarding no
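
To check that directive without reading the file by eye, this added example (not part of the original answers) lists every AllowTcpForwarding setting in an sshd_config-style file, globally and per Match block. The function names and output format are assumptions of the example; Include files are not followed, and it relies on sshd using the first value it sees for a keyword and defaulting to yes.

```shell
#!/bin/sh
# Added example (not from the original answers): list every AllowTcpForwarding
# setting in an sshd_config-style file, globally and per Match block.
# Assumptions: Include files are not followed; sshd uses the first value
# it sees for a keyword in each scope; the compiled-in default is "yes".

forwarding_report() {
    awk '
    BEGIN { scope = "global"; n = 0 }
    {
        sub(/^[ \t]+/, "")                      # drop leading whitespace
        if ($0 == "" || $0 ~ /^#/) next         # blank line or comment
        match($0, /^[^ \t=]+/)                  # keyword ends at space or "="
        key = tolower(substr($0, 1, RLENGTH))
        rest = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", rest)        # "Key value" or "Key=value"
        sub(/[ \t]+$/, "", rest)
        if (key == "match") { scope = "match[" rest "]"; next }
        if (key != "allowtcpforwarding") next
        split(rest, word, /[ \t]+/)
        if (!(scope in seen)) {                 # first occurrence wins
            seen[scope] = tolower(word[1])
            order[++n] = scope
        }
    }
    END {
        if (!("global" in seen)) print "global=yes"   # default when unset
        for (i = 1; i <= n; i++) print order[i] "=" seen[order[i]]
    }' "$1"
}

# Succeeds (exit 0) when the global setting would refuse ssh -D / -L channels.
blocks_local_forwarding() {
    case "$(forwarding_report "$1" | sed -n 's/^global=//p')" in
        no|remote) return 0 ;;
        *)         return 1 ;;
    esac
}
```

Run `forwarding_report /etc/ssh/sshd_config` on the server; a Match block line in the output means the setting can differ per user or source address even when the global value is yes.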

Solution 2:

There is a broader discussion of this error with SSH tunnels on Unix StackExchange. In a nutshell, this is a non-specific error; there are numerous possibilities that should be explored.

Solution 3:

Just for posterity, even if it isn't useful to you specifically.

The errors are put to your console via stderr, so if you just want to ignore them, adding 2>/dev/null to the end of your ssh call will work perfectly. E.g.:

ssh -C -D 3210 example@connexion 2>/dev/null

This is useful if the proxy tunnel is actually working fine, but you just don't want to see the errors.

In my case, the machine I'm tunnelling to isn't mine, so I can't modify the sshd_config (not that that was your issue) and I also use the same connexion for the shell. Having those error messages write into my console during an open vim window makes the display act up quite annoyingly.

Solution 4:

If the sshd config already has all the options to enable port forwarding, but you still get this issue, check /var/log/secure for something like this - sshd: error: connect_to XXX: unknown host (Name or service not known)

If the ssh host is unable to resolve the host that you want to tunnel to, it will give back the generic error unable to open channel.

Double-check your tunnel hostname or DNS resolution on the SSH server.