OpenSSH/Pattern Matching in OpenSSH Configuration

A pattern consists of zero or more non-whitespace characters. An asterisk (*) matches zero or more characters in a row, and a question mark (?) matches exactly one character. For example, to specify a set of declarations that apply to any host in the "" set of domains in ssh_config(5), the following pattern could be used:

Host *

The following pattern would match any host in the - range:

Host 192.168.0.?

A pattern-list is a list of patterns separated by whitespace. The following list of patterns match hosts in both the "" or "" domains.

Host * *

Individual patterns by themselves or as part of a pattern-lists may be negated by preceding them with an exclamation mark (!). The following will match any host from except for gamma.

Host * !

Pattern lists in ssh_config(5) do not use commas. Pattern lists in keys need commas.

For example, to allow a key to be used from anywhere within an organisation except from the dialup pool, the following entry in authorized_keys could be used:


See also glob(7)