SSH to ASA Server Displays a Warning: "Error forwarding client trust, proceeding anyway"
Sep 16, 2025
Advanced Server Access
Overview
The Forward Client Trust feature has been enabled on a project, but it is not working, and the following warning is displayed when connecting to the first target server:
WARNING: Error forwarding client trust, proceeding anyway: 'ssh: streamlocal-forward@openssh.com request denied by peer'
Applies To
- Advanced Server Access (ASA)
- Forward Client Trust
Cause
The target server's SSH configuration does not allow TCP forwarding. For most systems, TCP forwarding is allowed by default.
Solution
- SSH into the target server.
- Check if the AllowTcpForwarding setting is set to "no".
# sudo sshd -T | grep -i allowtcpforwarding allowtcpforwarding no
- Backup the sshd configuration file (/etc/ssh/sshd_config).
- Modify the sshd configuration file, replacing the line "AllowTcpForwarding no" with "AllowTcpForwarding yes".
AllowTcpForwarding yes
- Verify the sshd configuration.
# sudo sshd -t
- No output means that the configuration is valid. Proceeding with an invalid configuration can cause loss of SSH access.
- Restart sshd.
# sudo systemctl restart sshd
- Verify that TCP Forwarding is now allowed.
# sshd -T | grep -i allowtcpforwarding allowtcpforwarding yes
