administratively prohibited: open failed
I’m using SSH to access my servers on the Internet, and use these same servers as proxies for my web surfing. SSH has a great way of doing this. In your SSH config file, simply use:
    DynamicForward 127.0.0.1:1080
This will tell your local SSH client to open port 1080 and become a SOCKS proxy.
However, it so happened that for no apparent reason, I started seeing lots of error messages and huge latency. Typically, I’d get messages such as these:
    user@host:~$ channel 5: open failed: administratively prohibited: open failed
    channel 5: open failed: administratively prohibited: open failed
    channel 4: open failed: administratively prohibited: open failed
    channel 4: open failed: administratively prohibited: open failed
    channel 4: open failed: administratively prohibited: open failed
    channel 4: open failed: administratively prohibited: open failed
At one point the problem became so big that DNS broke.
    user@host:~$ nslookup - 8.20.247.20
    www.google.com
    Server: 8.20.247.20
    Address: 8.20.247.20#53
    ** server can't find www.google.com.domain.tld: SERVFAIL
So I switched to Google’s DNS servers and those of my hoster to test, which were both able to resolve correctly, and the problem disappeared.
Conclusion: if your DNS fails to resolve names, you get “administratively prohibited: open failed” errors from your SSH SOCKS proxy.
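The error lines quoted above are the SSH client's rendering of an SSH_MSG_CHANNEL_OPEN_FAILURE message (RFC 4254, section 5.1) sent back by the server when it refuses or cannot complete a forwarded connection. The following is an added example, not code from the original post or from OpenSSH: it decodes such a message and shows why "open failed" appears twice, once as the client's prefix and once as the server's description string. The sample payload is constructed, and the output layout in render() is an assumption modelled on the lines shown in this post.

```python
import struct

SSH_MSG_CHANNEL_OPEN_FAILURE = 92  # message number, RFC 4254 section 5.1

# Reason codes defined in RFC 4254 section 5.1
REASONS = {
    1: "administratively prohibited",
    2: "connect failed",
    3: "unknown channel type",
    4: "resource shortage",
}

def _read_string(buf, off):
    """Read an SSH 'string': uint32 length followed by that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of payload")
    return buf[off:off + n], off + n

def parse_open_failure(payload):
    """Decode byte 92, uint32 channel, uint32 reason, string description, string language."""
    if len(payload) < 9 or payload[0] != SSH_MSG_CHANNEL_OPEN_FAILURE:
        raise ValueError("not a CHANNEL_OPEN_FAILURE payload")
    channel, reason = struct.unpack_from(">II", payload, 1)
    desc, off = _read_string(payload, 9)
    lang, off = _read_string(payload, off)
    return {"channel": channel, "reason": reason,
            "description": desc.decode("utf-8", "replace"),
            "language": lang.decode("ascii", "replace")}

def render(msg):
    """Format the failure like the lines quoted in this post (assumed layout)."""
    reason = REASONS.get(msg["reason"], "unknown reason")
    line = f"channel {msg['channel']}: open failed: {reason}"
    return f"{line}: {msg['description']}" if msg["description"] else line

def build_sample(channel, reason, description):
    """Construct a sample payload for the demo (not captured traffic)."""
    d = description.encode()
    return (struct.pack(">BII", SSH_MSG_CHANNEL_OPEN_FAILURE, channel, reason)
            + struct.pack(">I", len(d)) + d + struct.pack(">I", 0))

if __name__ == "__main__":
    print(render(parse_open_failure(build_sample(5, 1, "open failed"))))
```

The reason code is chosen by the server, so when these lines appear the place to look is the server side: its resolver configuration and its sshd logs.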