I have a Jetson Nano at home that I SSH into from my laptop. At home it’s on a local IP, but when I’m out I reach it via a public IP. I got tired of switching between ssh jetson-home and ssh jetson-www depending on where I am.
A VPN like Tailscale or WireGuard would also solve this, but I don’t always remember to switch it on. I wanted something that just works without thinking about it.
SSH doesn’t have a native fallback host option, but ProxyCommand with nc does the trick:
Host jetson-home
User me
HostName 192.168.1.100
Host jetson-www
User me
HostName 203.0.113.50
Host jetson
User me
ProxyCommand bash -c 'nc -w 2 192.168.1.100 22 2>/dev/null || nc -w 2 203.0.113.50 22'
nc -w 2 opens a raw TCP connection with a 2 second timeout. SSH’s ProxyCommand expects a command that pipes stdin/stdout to the remote SSH port — nc does exactly that. If the local IP doesn’t respond within 2 seconds (I’m not home), the || kicks in and tries the public IP instead. SSH then does its normal handshake over whichever connection succeeded.
Now ssh jetson just works from anywhere. I can still use ssh jetson-home or ssh jetson-www directly if I want to force one.
Host key gotcha Link to heading
One thing to watch out for — when using ProxyCommand, SSH identifies the host by the config name (jetson) rather than the IP. If your known_hosts only has entries for the IPs, you’ll get a host key verification failure. Fix it by adding the alias:
echo 'jetson ssh-ed25519 AAAAC3...' >> ~/.ssh/known_hosts
Or just connect once with ssh -o StrictHostKeyChecking=accept-new jetson.