Not that it’s any great discovery, but since I didn’t get a good hit when I was searching for this myself, I figure I’ll write this up a bit.
I wanted to use VNC over SSH to my headless OSX box (yes, I own an OSX box, no, I’m not a traitor to the Linux race) from outside my network. But when I tried to connect across the tunnel, I kept getting this “channel 3: open failed: administratively prohibited: open failed” on the Mac side. There are lots of hits for that phrase out there, many of them giving what might be good advice in some situations, but what I ended up having to do was to change my ssh arguments.
(Let’s pretend the external IP of the Mac is foo.example.com, and the internal address is 10.55.55.55.)
I was doing this:
ssh foo.example.com -L 5901:localhost:5900
but what I needed to do was this:
ssh foo.example.com -L 5901:10.55.55.55:5900
(FYI, yes, there is a ‘Linux race’. The papers have been filed with and approved by the World Racial Administration, and your direct or indirect use of the Linux kernel makes you eligible for membership. Benefits include a free copy of the kernel and a sense of superiority over any other groups of people you choose.)