On 02/24/2010 01:32 PM, Andrew Haley wrote: > On 02/24/2010 06:23 PM, Christoph Höger wrote: > >> Am Mittwoch, den 24.02.2010, 15:57 +0000 schrieb Andrew Haley: >> >>> On 02/24/2010 02:41 PM, Christoph Höger wrote: >>> >>>> Hi guys, >>>> >>>> are there any special client settings one needs to have for ssh >>>> tunneling? >>>> >>>> I have the classical setup: machines A1 and A2 (both fedora 12) should >>>> access C which is only accessible from B1 (kerberos) or B2 (private key) >>>> >>>> So on A1 I used to >>>> >>>> ssh -L 10080:C:80 B1 >>>> >>>> or >>>> >>>> ssh -L 10080:C:80 B2 >>>> >>>> Both work fine. >>>> >>>> But on A2: >>>> >>>> ssh -L 10080:C:80 B1/B2 >>>> >>>> logs me in to the machine but every connection attempt returns: >>>> >>>> channel 3: open failed: administratively prohibited: open failed >>>> >>>> Why? What kind of weird setting is this? >>>> >>> Anything in the logs? Looks like a policy issue to me. >>> >> What logs do you mean? This is a client issue. Does the ssh client write >> to local log files? >> > No. I think it may be a SELinux policy issue. > > See if anything is logged in any of the log files when you get this > message. > > Also, make very sure that AllowTcpForwarding is set in sshd_config > > Make sure no-one else has this port open. > > Check the addresses. > > Andrew. > What version rpm -q selinux-policy ausearch -m avc -ts recent -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
