Re: ssh tunneling and "channel 2: open failed: administratively prohibited: open failed"

On 23/01/07, Rick Sewill <rsewill@xxxxxxxxxxxx> wrote:
> It says it is an administrative issue.  I am guessing authentication.
>
> I have a long-shot guess...after trying some local tests here.
> I have one user name, USERA, on machine A,
>            user name, USERX, on machine B and machine C
>
> I did the same (names of machines are different)
> From machine A> ssh -N -L 8080:C:22 B
>
> From machine A> ssh -p 8080 localhost
>      -- and it failed because my name on machine A is different
>         from my name on machine B and ssh on machine A was passing
>         the equivalent of "USERA@localhost"
> When I did from machine A> ssh -p 8080 USERX@localhost
>         I succeeded because machine C knew about and wanted USERX

My usernames on machines A and C are the same, and different to the
username on machine B. So, I tried this suggestion, to no avail --
same general result I'm afraid.

> Another possibility...when you connect from machine B to machine C,
> do you have anything special in ~/.ssh/config file on machine B
> that is not being triggered when you ssh through the tunnel?

I checked, and there's nothing in my .ssh/config files on any of the
machines. Machines A and C are freshly installed FC6 boxes, identical
(actually, I have even tried using the same machine as machine A and
C), and machine B is a sun machine with a clean account. Machine B is
the one not under my control.

> I might as well ask if there is anything special in ~/.ssh/config file
> on machine A that might be specifying something machine C does not
> support.  Such things might be a certain kind of encryption or
> compression or ....

Nope, nothing like that.

> Sorry I am not being as much help as I would like to be.

No need for apologies - you've been incredibly helpful with your
suggestions, as I feel more confident I've ruled everything else out,
and it must be that TCPForwarding on the box in the middle (B) is
disallowed.

> You may need to ask the administrator for machine C what is showing up
> in the syslog.

That's me :) There's nothing in the logs that gives a clue - I think
the logs on machine B would be more interesting, but those are not
available to me :).

Thanks again Rick.
Jonathan.
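
Added example, not part of the original thread: a check the administrator of the intermediate host (B) could run to see whether its sshd policy would refuse the `ssh -N -L 8080:C:22 B` forward with "administratively prohibited". It assumes an OpenSSH sshd whose effective settings were captured with `sshd -T` (lower-case keywords); the function name and the sample settings are constructed for illustration, and other SSH server implementations may use different defaults.

```shell
#!/bin/sh
# forward_allowed CONFIG_TEXT HOST PORT
# CONFIG_TEXT: effective sshd settings, e.g. the saved output of `sshd -T`.
# Prints "allowed" or "denied: <reason>"; exit status 0 or 1.
# The body runs in a subshell so that `set -f` does not leak to the caller.
forward_allowed() (
    cfg=$1 host=$2 port=$3
    set -f    # PermitOpen entries may contain '*'; do not glob-expand them
    atf=$(printf '%s\n' "$cfg" | awk '$1 == "allowtcpforwarding" { print $2; exit }')
    po=$(printf '%s\n' "$cfg" | awk '$1 == "permitopen" { $1 = ""; print; exit }')
    atf=${atf:-yes}    # OpenSSH default when the keyword is absent
    po=${po:-any}      # OpenSSH default when the keyword is absent

    # `ssh -L` asks the server to open an outbound TCP connection, which
    # only the yes/all/local settings of AllowTcpForwarding permit.
    case $atf in
        yes|all|local) ;;
        *) echo "denied: allowtcpforwarding $atf"; exit 1 ;;
    esac

    # PermitOpen further restricts which destinations may be opened.
    for entry in $po; do
        case $entry in
            any)  echo "allowed"; exit 0 ;;
            none) echo "denied: permitopen none"; exit 1 ;;
        esac
        e_host=${entry%:*}     # text before the last ':'
        e_port=${entry##*:}    # text after the last ':'
        if [ "$e_host" = "$host" ] || [ "$e_host" = "*" ]; then
            if [ "$e_port" = "$port" ] || [ "$e_port" = "*" ]; then
                echo "allowed"; exit 0
            fi
        fi
    done
    echo "denied: $host:$port not in permitopen"
    exit 1
)

# Constructed sample settings (not taken from the thread's machines).
SAMPLE_LOCKED='port 22
allowtcpforwarding no
permitopen any'
SAMPLE_LIMITED='allowtcpforwarding local
permitopen C:22 C:443'
```

On a host with `Match` blocks, capture the settings for the specific user and source address (`sshd -T -C user=...,host=...,addr=...`) so the result reflects the policy that connection actually receives.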

