Any suggestions for getting TCP forwarding working via #SSH? I'm getting errors like this:

refused local port forward: originator 127.0.0.1 port 49673, target 127.0.0.1 port 443

The sshd -T output suggests that it should work:
$ grep -i 'forward\|permitopen' full-sshd-config
x11forwarding no
allowtcpforwarding yes
allowagentforwarding yes
disableforwarding no
allowstreamlocalforwarding yes
permittunnel no
permitopen 127.0.0.1:443

(The host is pretty locked down, which is why I have the PermitOpen directive instead of allowing all forwarding.)

#Linux

Neil E. Hodges

If it had been the firewall, wouldn't there not be any logs on the server side? That's where the refused local port forward came from.

I checked audit.log on the server and nothing was logged during the forwarding attempt.

Nothing regarding forwarding on the client side with -vvvvv other than this:

debug1: Requesting forwarding of local forward 127.0.0.1:5987 -> 127.0.0.1:443
in reply to Neil E. Hodges

The client just says this:
channel 2: open failed: administratively prohibited: open failed

Neil E. Hodges
Yeah. I haven't been able to find any settings on the server that would be doing this, though. :/
in reply to Neil E. Hodges

Found this on the server:
debug1: server_request_direct_tcpip: originator 127.0.0.1 port 57502, target 127.0.0.1 port 443
refused local port forward: originator 127.0.0.1 port 57502, target 127.0.0.1 port 443
debug1: server_input_channel_open: failure direct-tcpip
in reply to Neil E. Hodges

Have you tried (de)activating the options in your sshd_config one by one until you get the connection?

Maybe you can start with

X11Forwarding no
AllowTcpForwarding local
PermitTunnel no