SSH reverse port forward disconnects every 10 minutes

port-forwarding ssh ssh-tunnel

I have an SSH reverse port forward set up with the following command:

autossh -N -R 0.0.0.0:22722:127.0.0.1:22 -i /tmp/my_ssh_key -o StrictHostKeyChecking=no -p 22 -4 -C reverseportforward@myserver

This works fine, but every 10 minutes (exactly) it disconnects (and reconnects again, probably because I'm using autossh). Running as root does not help. The client always shows the following error message when it disconnects (the channel can vary):

channel 2: open failed: administratively prohibited: open failed

My /etc/ssh/sshd_config file on the server looks like this:

PermitRootLogin no
MaxAuthTries 1
PubkeyAuthentication yes
PasswordAuthentication no
IgnoreRhosts yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
ClientAliveInterval 30
ClientAliveCountMax 60
Compression no
Protocol 2
AcceptEnv LANG LC_*
Subsystem   sftp    /usr/lib/openssh/sftp-server

Match User portforward
    AllowTcpForwarding yes
    GatewayPorts yes

Match User reverseportforward
    # I am using this user to log in, which has no tty on the system
    AllowTcpForwarding remote
    GatewayPorts yes

Running autossh with AUTOSSH_DEBUG=1 says the following when the connection drops and reconnects:

2020-04-28T17:01:28.592069229Z autossh[6]: timeout polling to accept read connection
2020-04-28T17:01:28.592197780Z autossh[6]: port down, restarting ssh
2020-04-28T17:01:28.593327889Z autossh[6]: clear alarm timer (0 secs left)
2020-04-28T17:01:28.593358844Z autossh[6]: checking for grace period, tries = 0
2020-04-28T17:01:28.593368126Z autossh[6]: starting ssh (count 38)
2020-04-28T17:01:28.593666070Z autossh[6]: ssh child pid is 54
2020-04-28T17:01:28.593690737Z autossh[6]: check on child 54
2020-04-28T17:01:28.593700290Z autossh[6]: clear alarm timer (0 secs left)
2020-04-28T17:01:28.593708796Z autossh[6]: set alarm for 600 secs
2020-04-28T17:01:28.593717058Z autossh[54]: child of 6 execing /usr/bin/ssh
2020-04-28T17:11:28.594031723Z autossh[6]: received SIGALRM (end-of-life 0)
2020-04-28T17:11:28.637068054Z channel 1: open failed: administratively prohibited: open failed

# It stays connected at this point until the next line:

2020-04-28T17:11:43.609415674Z autossh[6]: timeout polling to accept read connection
2020-04-28T17:11:43.609492523Z autossh[6]: port down, restarting ssh
2020-04-28T17:11:43.611233146Z autossh[6]: clear alarm timer (0 secs left)
2020-04-28T17:11:43.611271012Z autossh[6]: checking for grace period, tries = 0
2020-04-28T17:11:43.611283209Z autossh[6]: starting ssh (count 39)
2020-04-28T17:11:43.611512721Z autossh[6]: ssh child pid is 55
2020-04-28T17:11:43.611700660Z autossh[6]: check on child 55
2020-04-28T17:11:43.611754603Z autossh[6]: clear alarm timer (0 secs left)
2020-04-28T17:11:43.611766769Z autossh[6]: set alarm for 600 secs
2020-04-28T17:11:43.611776685Z autossh[55]: child of 6 execing /usr/bin/ssh

This problem does not seem to happen with a direct port forward, which I run with the following command:

autossh -N -L 0.0.0.0:2222:127.0.0.1:22 -i /tmp/my_ssh_key -o StrictHostKeyChecking=no -p 22 -4 -C portforward@myserver

For now I can bypass this problem by setting the env variable AUTOSSH_PORT=0 when running autossh, but this is probably far from ideal (I will see how it works after a couple of days of 24/7 connection).

Best Answer

In my case, this behavior was caused by simultaneous connections to the server from two computers with the same autossh monitoring port (-M). They were so surprised.
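
To check from a debug log whether restarts follow autossh's monitor-port poll, the following added example (not part of the original question or answer) parses the AUTOSSH_DEBUG=1 lines quoted in the question and reports, for each ssh child, when the poll alarm fired and how soon afterwards ssh was restarted. The function and field names are assumptions of this example.

```python
import re
from datetime import datetime, timezone
# Subset of the autossh debug log quoted in the question.
SAMPLE_LOG = """\
2020-04-28T17:01:28.592197780Z autossh[6]: port down, restarting ssh
2020-04-28T17:01:28.593666070Z autossh[6]: ssh child pid is 54
2020-04-28T17:01:28.593708796Z autossh[6]: set alarm for 600 secs
2020-04-28T17:11:28.594031723Z autossh[6]: received SIGALRM (end-of-life 0)
2020-04-28T17:11:28.637068054Z channel 1: open failed: administratively prohibited: open failed
2020-04-28T17:11:43.609415674Z autossh[6]: timeout polling to accept read connection
2020-04-28T17:11:43.609492523Z autossh[6]: port down, restarting ssh
2020-04-28T17:11:43.611512721Z autossh[6]: ssh child pid is 55
"""
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.(\d+)Z (.*)$")

def parse(line):
    """Return (epoch_seconds, message), or None if the line has no timestamp."""
    m = LINE.match(line.strip())
    if not m:
        return None
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(tzinfo=timezone.utc).timestamp() + float("0." + m.group(2)), m.group(3)

def ssh_lifetimes(log):
    """Summarise each ssh child from its start to the restart that ended it."""
    done, cur = [], None
    for ts, msg in filter(None, map(parse, log.splitlines())):
        if (m := re.search(r"ssh child pid is (\d+)", msg)):
            cur = {"pid": int(m.group(1)), "refused": False, "poll_timeout": False,
                   "alarm_wait": None, "restart_after_poll": None}
        elif cur is None:
            continue  # events for a child whose start is not in the log
        elif (m := re.search(r"set alarm for (\d+) secs", msg)):
            cur["alarm"], cur["alarm_set"] = int(m.group(1)), ts
        elif "received SIGALRM" in msg and "alarm_set" in cur:
            cur["alarm_wait"], cur["polled_at"] = round(ts - cur["alarm_set"], 3), ts
        elif "administratively prohibited" in msg:
            cur["refused"] = True  # the server refused a channel open
        elif "timeout polling" in msg:
            cur["poll_timeout"] = True  # monitor poll timed out
        elif "port down, restarting ssh" in msg:
            if "polled_at" in cur:
                cur["restart_after_poll"] = round(ts - cur["polled_at"], 3)
            cur["by_monitor"] = (cur["poll_timeout"] and cur["alarm_wait"] is not None
                                 and abs(cur["alarm_wait"] - cur["alarm"]) < 1)
            done.append(cur)
            cur = None
    return done
```

On the question's log, `ssh_lifetimes(SAMPLE_LOG)` returns one completed child (pid 54) whose poll fired 600 seconds after the alarm was set, followed by a refused channel open and a restart about 15 seconds later.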