SSH TCP forwarding not working

IpFire has a setting to allow SSH and enable TCP port forwarding. However, that does not work. You will get an error like this:

channel 3: open failed: administratively prohibited: open failed

The problem is that in sshd_config the option PermitOpen is set to none, thereby not allowing any forwarding.

I think the option to enable TCP forwarding should be removed entirely, if the PermitOpen none is intentional. Or maybe PermitOpen none should be removed to allow unrestricted forwarding. Or the GUI could even be extended to let one configure one or more destinations.

Some further investigation shows this may have been an unintended side-effect of the hardening of the SSH server as documented here