ssh tunnel refusing connections with "channel 2: open failed"

Solution 1:

Problem solved:

$ ssh -L 7000:127.0.0.1:7000 [email protected] -N -v -v

...apparently, 'localhost' was not liked by the remote host. Yet, remote /etc/hosts contains:

::1                     localhost localhost.
127.0.0.1               localhost localhost.

while the local network interface is

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33184
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2

Sigh. so much for the bounty of 100rp I put on :)

Solution 2:

Although OP's problem has already been solved, I decided to share the solution for my problem, because I got the same error message from ssh and I didn't find any solution on other sites.

In my case I had to connect to the service which listens only on IPv6. I tried:

ssh -f [email protected] -L 51005:127.0.0.1:51005 -N
ssh -f [email protected] -L 51005:localhost:51005 -N

and a few other ways but it didn't work. Any try of connection to http://localhost:51005 causes errors like this: channel 2: open failed: connect failed: Connection refused

The solution is:

ssh -f [email protected] -L 51005:[::1]:51005 -N

IPv6 address must be in square brackets.


Solution 3:

I would first try this.

$ ssh -L 7000:127.0.0.1:7000 [email protected] -N -v -v

You can use "-v" up to 3 times to increase verbosity.

I think this error message can arise if a firewall blocks port 7000, but you had already ruled that out. (If later readers haven't ruled that out, look at the output of netstat --numeric-ports.)

I think I might have seen this error message a long time ago, when ssh first became aware of IPV6 addresses following an update. I could be wrong about that. If you feel like experimenting, you can try the IPV6 loopback address "0:0:0:0:0:0:0:1" (or "::1").


Solution 4:

"...apparently, 'localhost' was not liked by the remote host. Yet, remote /etc/hosts contains:"

Except you were running ssh on the client, so 'localhost' was not liked by your client. The remote /etc/hosts file is for the remote connecting out not incoming connections.


Solution 5:

I encountered this same error while trying to connect to mysql on another server via an ssh tunnel. I found that the bind-address parameter in /etc/my.cnf on the target server was bound to my external ip (dual NIC server) rather than internal, which I had no use for.

When I set bind-address=127.0.0.1, I could successfully use my ssh tunnel as follows:

ssh -N -f -L 3307:127.0.0.1:3306 [email protected]

mysql -h 127.0.0.1 --port=3307 --protocol=TCP -uusername -ppassword