Port forwarding(proxy) connections when using the native client might fail with Error "Administratively prohibited"
Causes and Solution:
Ensure the following PrivX settings:
- Ensure that setting "ssh_default_extensions" includes the keywords
permit-X11-forwarding in the Authorizer config file (/opt/privx/etc/authorizer.toml)
- The forwarder must be enabled on the Extender. In the Extender-configuration file (/opt/privx/etc/ssh-proxy.toml on the Extender host), ensure that the 'forwarder_enabled' setting is 'true'.
- If connecting to localhost, ensure you have set
allow_connect_to_loopback = true and
allow_connect_to_local_addresses = true the Extender-configuration file.
- The target-host IP address must belong in the allowed Subnets of the Extender. These can be verified via the PrivX GUI->Settings->Deployment->Deploy VPC/VPN extenders, under the Extender configuration.
- Ensure session recording is disabled for the target host. You can check this in the host settings, via the PrivX GUI->Settings->Hosts.
Also ensure that:
- The ssh-proxy can establish connections to connection manager.
- Your PrivX license is valid.