paramiko.ssh_exception.SSHException: TCP forwarding request denied

Question

I am using paramiko's rforward.py demo script which demonstrates how a reverse SSH tunnel works. The code contains the following lines:
transport.request_port_forward('', server_port)

When I run this code, I get the following error:

Traceback (most recent call last):
  File "C:\Users\Name\Documents\bh_python\rforward.py", line 167, in <modul
e>
    main()
  File "C:\Users\Name\Documents\bh_python\rforward.py", line 160, in main
    reverse_forward_tunnel(options.port, remote[0], remote[1], client.get_transp
ort())
  File "C:\Users\Name\Documents\bh_python\rforward.py", line 73, in reverse
_forward_tunnel
    transport.request_port_forward('', server_port)
  File "build\bdist.win32\egg\paramiko\transport.py", line 775, in request_port_
forward
paramiko.ssh_exception.SSHException: TCP forwarding request denied

Here is the transport.request_port_forward code in question:

def request_port_forward(self, address, port, handler=None):
        if not self.active:
            raise SSHException('SSH session not active')
        port = int(port)
        response = self.global_request('tcpip-forward', (address, port), wait=True)
        if response is None:
            raise SSHException('TCP forwarding request denied')
        if port == 0:
            port = response.get_int()
        if handler is None:
            def default_handler(channel, src_addr, dest_addr_port):
                #src_addr, src_port = src_addr_port
                #dest_addr, dest_port = dest_addr_port
                self._queue_incoming_channel(channel)
            handler = default_handler
        self._tcp_handler = handler
        return port`

It seems like my system is denying the request for a port forwarding. How can I verify this and fix the issue? I am running on Windows 7.

Answer 1

That sounds like something being blocked on the server. While I'm not very familiar with Windows, I believe it should be possible to install an SSH command-line client and attempt to duplicate with the ssh client what you're doing with Paramiko. If it works with the SSH client, you know there's an issue with your code. Otherwise you have a server configuration issue.

Answer 2

This just happened to me, usually this is the kind of error you'd get if the machine you were attempting to port forward didn't want you forwarding the port it is forwarding.

1. It could be a reserved port on the machine you are forwarding on (i.e. < 1024)
2. It could be a port that is already listening (do you have another instance of the program running, if you can get netstat -an on the server, you may see that port there )
3. You could have selinux (or other security) policies blocking the user you are logging in as

Paramiko is blocking me for a completely different reason than these three I've suggested. The code from the paramiko docs is pretty good, but needs a bit of improvement to handle errors.

You should probably handle that error and try again in a bit if it doesn't work the first time.