Bypassing ssh firewall by overriding Type of Service headers for TCP packets in routers

I was recently having issues when trying to ssh into one of my servers. The normal debugging techniques and solutions didn't work for me, and I had to debug this in depth to figure out that the issue was actually with my router blocking the packets.

The actual problem

When you ask for a regular ssh terminal, ssh sets the TCP packet type of service (ToS) to "interactive". I was working from a cafe using a public wifi hotspot and the public wifi router that I was using was blocking those packet types!


So I now needed a way to figure out and bypass those headers that were being set. I found that using netcat, the tunnelled TCP packets get no type of service directives. Thus, if you tunnel all your ssh traffic through netcat, you reset the ToS of the TCP packets to the default ones.

You can just add this to your ssh config file (either ~/.ssh/config or /etc/ssh/ssh_config):

Host *
  ProxyCommand nc %h %p

What is Type of Service (ToS)?

The type of service (ToS) field is a field in the IPv4 header. It has had various definitions over time, and the modern redefinition of the ToS field is a six-bit Differentiated Services Code Point (DSCP) field and a two-bit Explicit Congestion Notification (ECN) field.

The ToS field could specify a datagram's priority and request a route for low-delay, high-throughput, or highly-reliable service.

Based on these ToS values, a packet would be placed in a prioritized outgoing queue, or take a route with appropriate latency, throughput, or reliability.
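
To make the ToS byte concrete, here is an added example (not code from the original post) that decodes a ToS value into its DSCP/ECN and legacy fields, and reads the value back from a plain TCP socket and from one marked by the application. It assumes the "interactive" marking corresponds to the legacy low-delay bit 0x10, which the post does not state, and matches_marked_traffic is a hypothetical filter rule constructed for illustration.

```python
import socket

# Standard ToS byte values (RFC 1349 legacy bits, RFC 2474/2597 DSCP classes).
NAMED_TOS = {"default": 0x00, "lowdelay": 0x10, "throughput": 0x08,
             "reliability": 0x04, "af21": 0x48, "cs1": 0x20}
ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}

def decode_tos(tos):
    """Split one ToS byte into its modern and legacy interpretations."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    return {
        "dscp": tos >> 2,                 # modern: upper six bits
        "ecn": ECN_NAMES[tos & 0x03],     # modern: lower two bits
        "precedence": tos >> 5,           # legacy: top three bits
        "low_delay": bool(tos & 0x10),    # legacy RFC 1349 flags
        "high_throughput": bool(tos & 0x08),
        "high_reliability": bool(tos & 0x04),
    }

def socket_tos(mark=None):
    """Return the ToS byte of a new TCP socket, optionally after marking it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        if mark is not None:
            # What an application does when it requests a service class.
            s.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, mark)
        return s.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)

def matches_marked_traffic(tos):
    """Hypothetical filter rule (assumption): flag anything but DSCP 0."""
    return decode_tos(tos)["dscp"] != 0

if __name__ == "__main__":
    plain = socket_tos()                         # like a socket nc opens
    marked = socket_tos(NAMED_TOS["lowdelay"])   # assumed "interactive" mark
    for label, tos in (("unmarked socket", plain), ("marked socket", marked)):
        print(f"{label}: 0x{tos:02x} {decode_tos(tos)} "
              f"filtered={matches_marked_traffic(tos)}")
```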