5

I am trying to set up an SSH tunnel (on a Raspberry Pi) with the following command: ssh user@terbank.cs.kuleuven.be -L 5672:tabor.cs.kotnet.leuven.be:5672 -N (I should note that I can, or at least could, change the first port 5672 to whatever I want)

This worked before, as we were able to communicate with the Raspberry Pi with my laptop, which SSH'ed to that server the same way.

Now, after some reboots, we get this error (on the Pi) whenever we try to communicate with the Raspberry Pi:

channel 1: open failed: administratively prohibited: open failed

I already checked /etc/hosts, /etc/network/inferfaces and /etc/ssh/sshd_config to comply with solutions found on the internet.

This is a copy of our traceroute:

pi@raspberrypi ~ $ sudo traceroute -T -p 5672 tabor.cs.kotnet.kuleuven.be
traceroute to tabor.cs.kotnet.kuleuven.be (10.33.14.4), 30 hops max, 60 byte packets
 1  PenO8 (192.168.2.1)  2.033 ms  2.808 ms  3.168 ms
 2  10.8.32.252 (10.8.32.252)  9.274 ms  9.380 ms  9.396 ms
 3  rhmccoy1-vlan176.kulnet.kuleuven.be (134.58.252.17)  9.181 ms  9.158 ms  9.240 ms
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
Braiam
  • 35,991
Ad Fundum
  • 151
  • This error message can be shown for quite different reasons. E.g. in my case I was trying to forward a remote socket file to local, and the remote OpenSSH version simply didn't have this feature yet... – argonym Sep 15 '20 at 15:47

1 Answers1

6

In /etc/ssh/sshd_config make sure the following is uncommented:

AllowTcpForwarding yes

Double check your syntax too:

$ ssh -N -L [local_port]:[endpoint]:[remote_port]  [user]@[host]

The error you're seeing is a terribly confusing error that is thrown when a forwarded ssh connection simply can't connect.

AdminBee
  • 22,803
Creek
  • 5,062
  • I added the first line to sshd_config after some Googling before, but with no success.

    The syntax should be correct, as I always copy the command from a text-file, so it hasn't changed since it worked before. (I double-checked, and it's correct).

     – Ad Fundum May 03 '14 at 20:56
  • @AdFundum when you have this ssh connection running how are you trying to connect to port 5672 on tabor.cs.kotnet.leuven.be? If this is being ran on the pi then you could only access the forwarded port, 5672, from localhost on the pi. – Creek May 04 '14 at 01:26
  • 'tabor.cs.kotnet.kuleuven.be' is a server on our college, but we can only access it through the main server 'terbank.cs.kuleuven.be' – Ad Fundum May 04 '14 at 09:05
  • @AdFundum Try this command on the pi ssh -vgN -L 5672:tabor.cs.kotnet.leuven.be:5672 user@terbank.cs.kuleuven.be Now try to connect from your laptop to port 5672 on the pi. Using -g will expose the local forwarded port to other hosts and -v will trigger verbose output so you can see what exactly is going on. – Creek May 04 '14 at 18:44