Fix channel : open failed: administratively prohibited: open failed

The error message `channel 3: open failed: administratively prohibited: open failed` typically appears when trying to use SSH tunneling (port forwarding) and the server is not configured to allow this or is actively blocking it.

Here’s how to fix it:

1. Server Configuration:

  • First, make sure your SSH server is configured to allow tunneling. Edit your `sshd_config` (found in `/etc/ssh/` on most Linux distributions).
  • Find the line that says `AllowTcpForwarding` and change its value to `yes`.
  • If the line doesn’t exist, you can add `AllowTcpForwarding yes` at the bottom.
  • Save the file and restart the SSH server. On most systems, you can do this with `sudo service ssh restart` or `sudo systemctl restart sshd`.

2. Client Configuration:

  • Ensure that you’re using the correct SSH command for tunneling. If you’re trying to set up local port forwarding, the command generally looks like this: `ssh -L [local port]:[remote address]:[remote port] [SSH server]`.
  • For example: `ssh -L 8080:localhost:80 [email protected]` would forward your local port `8080` to port `80` on the server.

3. Firewall Settings:

Check the firewall settings on both the client and server side. Ensure that the ports you’re trying to forward are not being blocked by a firewall.

4. Check Server Logs:

The server’s SSH log can provide more insight into why the connection is being prohibited. You can usually find this in `/var/log/auth.log` or `/var/log/secure` depending on your distribution. Look for any error messages or warnings related to `sshd`.

5. MaxStartups Parameter:

If many concurrent connections are being made to the SSH server, the `MaxStartups` parameter in `sshd_config` might be causing the issue. This parameter defines the maximum number of concurrent unauthenticated connections to the SSH daemon. You can increase this number or adjust the settings to allow more connections.

6. Other Policies & Security Tools:

If you’re working in a controlled environment, there might be additional security policies or tools in place that block certain types of traffic or actions. For instance, tools like `SELinux` or `AppArmor` might restrict SSH operations. Check their configurations and logs for any potential issues.

After making any changes, always remember to test the connection again. If the problem persists, try to get more detailed error messages or logs to help pinpoint the exact issue.
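
To see which setting is actually refusing the channel, you can inspect the effective server configuration printed by `sshd -T` instead of reading `sshd_config` by hand. The script below is an added example, not part of the original article; it goes slightly beyond step 1 by also checking `DisableForwarding` and `PermitOpen`, two other `sshd_config` options that refuse forwarded channels. The function names, the sample input and the user/host/addr values in the comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: explain forwarding refusals from the effective sshd config.
# Reads `sshd -T` output on stdin (lowercase "keyword value" lines).
# Live use (placeholder user/host/addr so Match blocks are evaluated):
#   sudo sshd -T -C user=alice,host=client.example,addr=192.0.2.10 | check_forwarding
check_forwarding() {
    awk '
        $1 == "allowtcpforwarding" { atf = $2 }
        $1 == "disableforwarding"  { dis = $2 }
        $1 == "permitopen"         { po = $0; sub(/^permitopen[ \t]+/, "", po) }
        END {
            if (dis == "yes")
                print "BLOCK disableforwarding=yes: all forwarding is refused"
            if (atf == "no")
                print "BLOCK allowtcpforwarding=no: -L, -R and -D are refused"
            else if (atf == "remote")
                print "BLOCK allowtcpforwarding=remote: -L and -D are refused"
            else if (atf == "local")
                print "NOTE allowtcpforwarding=local: -R is refused, -L is allowed"
            if (po != "" && po != "any")
                print "LIMIT permitopen: -L destinations restricted to " po
        }'
}

# Constructed sample, not taken from a real server.
sample_config() {
    cat <<'EOF'
port 22
allowtcpforwarding remote
disableforwarding no
permitopen 127.0.0.1:5432
maxstartups 10:30:100
EOF
}

sample_config | check_forwarding
```

No output means none of these three options is blocking forwarding, so continue with the firewall and log checks above. If you do change `sshd_config`, `sudo sshd -t` validates the file before you restart the daemon.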
