Bug 96120 - ssh port forwarding failing
Summary: ssh port forwarding failing
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High normal
Assignee: Daniel Ahlberg (RETIRED)
Reported: 2005-06-14 12:51 UTC by Neil Watson
Modified: 2005-06-15 06:53 UTC
Description Neil Watson 2005-06-14 12:51:18 UTC
ssh -f -L 1984:user@example.com:8080 user@example.com sleep 25

Client is prompted for a password and then backgrounds without error. Open a
browser locally and point it to localhost:1984.  One would expect to be
forwarded to example.com:8080.  Alas not so.  The forwarding fails.  The ssh
client returns this error:

channel 2: open failed: administratively prohibited: open failed

The server log shows this error:

Jun 14 15:22:08 ettin sshd[10773]: error: connect_to user@example.com: unknown
host (Name or service not known)

I suspect that this occurs in new versions of OpenSSH.  I tested this on a
Redhat 9.0 server and was successful.  On Gentoo and Redhat AS3.0 the forwarding
failed.


Reproducible: Always
ettin ssh # emerge info 
Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130,
glibc-2.3.4.20041102-r1, 2.6.11.4 i686)
=================================================================
System uname: 2.6.11.4 i686 AMD Athlon(tm) MP 2000+
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, May  7 2005, 16:00:18)]
dev-lang/python:     2.3.5
sys-apps/sandbox:    [Not Present]
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.7.9-r1, 1.9.5, 1.5, 1.6.3, 1.4_p6, 1.8.5-r3
sys-devel/binutils:  2.15.92.0.2-r7
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.8.1-r2, 2.6.8.1-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=athlon-mp -O3 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env
/usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config
/usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon-mp -O3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/Linux/distributions/gentoo"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/opt/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X alsa apm arts avi berkdb bitmap-fonts bonobo cdr crypt cups curl dvdr
editor emboss encode esd fam flac foomaticdb fortran gd gdbm gif gnome gpm gtk
gtk2 gtkhtml guile imagemagick imlib ipv6 java jpeg kde libg++ libwww mad mbox
mikmod motif mp3 mpeg mppe-mppc mysql ncurses nls ogg oggvorbis opengl oss pam
pdflib perl png python qt quicktime readline sdl slang spell ssl svga tcltk tcpd
tiff truetype truetype-fonts type1-fonts vorbis xine xinerama xml xml2 xmms xv
zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

ettin ssh # emerge -s openssh
Searching...   
[ Results for search key : openssh ]
[ Applications found : 1 ]
 
*  net-misc/openssh
      Latest version available: 3.9_p1-r2
      Latest version installed: 3.9_p1-r2
      Size of downloaded files: 973 kB
      Homepage:    http://www.openssh.com/
      Description: Port of OpenBSD's free SSH release
      License:     as-is
Comment 1 Neil Watson 2005-06-15 06:53:59 UTC
Turns out there must be some syntax and default configuration changes between a
few of these versions.  This syntax did the trick:

ssh -f -L 1984:example.com:8080 user@example.com -g sleep 25

The user does not need to be listed in the -L argument.  The -g option allows
remote connections to be forwarded.

Sorry to have troubled you.
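
Added example, not part of the original report: a small shell lint for the -L spec that catches the user@ mistake described above before sshd fails with "unknown host". It goes beyond the report by also accepting the optional bind_address prefix of current OpenSSH syntax (an assumption relative to the 3.9 version discussed here); the function names is_port and check_forward_spec are hypothetical.

```shell
#!/bin/sh
# Added example: lint an `ssh -L` spec of the form [bind_address:]port:host:hostport.
# Bracketed IPv6 literals are out of scope for this sketch.

# True when $1 is a decimal TCP port in 1..65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints one verdict line; returns 0 when the spec is usable, 1 when it is not.
check_forward_spec() {
    spec=$1
    case "$spec" in
        *:) echo "invalid: trailing ':' in forwarding spec"; return 1 ;;
    esac
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    set -- $spec
    set +f
    IFS=$old_ifs
    case $# in
        # No bind address: loopback only, unless -g or GatewayPorts is in effect.
        3) bind=loopback; lport=$1; host=$2; hport=$3 ;;
        4) bind=$1; lport=$2; host=$3; hport=$4 ;;
        *) echo "invalid: expected [bind_address:]port:host:hostport"; return 1 ;;
    esac
    is_port "$lport" || { echo "invalid: listen port '$lport'"; return 1; }
    is_port "$hport" || { echo "invalid: destination port '$hport'"; return 1; }
    case "$host" in
        '')  echo "invalid: empty destination host"; return 1 ;;
        *@*) echo "invalid: host '$host' contains '@'; the login user belongs in the ssh destination only"
             return 1 ;;
    esac
    case "$bind" in
        ''|'*'|0.0.0.0) echo "ok, listens on all interfaces: $lport -> $host:$hport" ;;
        *)              echo "ok: $bind:$lport -> $host:$hport" ;;
    esac
}

# The two specs from this bug report.
check_forward_spec '1984:user@example.com:8080' || true
check_forward_spec '1984:example.com:8080'
```

A spec reported here as loopback-only still listens on all interfaces when ssh is run with -g, as in the working command above, so any host that can reach the client on port 1984 can use the tunnel.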