OpenSSH/Pattern Matching in OpenSSH Configuration


A pattern consists of zero or more non-whitespace characters. An asterisk (*) matches zero or more characters in a row, and a question mark (?) matches exactly one character. For example, to specify a set of declarations that apply to any host in the ".co.uk" set of domains in ssh_config, the following pattern could be used:

Host *.co.uk

The following pattern would match any host in the 192.168.0.1 - 192.168.0.9 range:

Host 192.168.0.?

A pattern-list is a comma-separated list of patterns. The following list of patterns matches hosts in the ".co.uk" or ".ac.uk" domains:

Host *.co.uk, *.ac.uk

Individual patterns, by themselves or as part of a pattern-list, may be negated by preceding them with an exclamation mark (!). The following will match any host from example.org except for gamma:

Host *.example.org !gamma.example.org


For example, to allow a key to be used from anywhere within an organisation except from the dialup pool, the following entry in authorized_keys could be used:

from="!*.dialup.example.com,*.example.com"
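The following Python sketch is an added example, not code from the original page or from OpenSSH. It models the matching rules described above and shows how a negated hit in a pattern-list such as this from= entry overrides a positive one. The function names and the sample host names are assumptions; the three-way result and the rule that a list of only negated patterns never matches follow the behaviour documented in ssh_config(5).

```python
def match_pattern(s: str, pattern: str) -> bool:
    """'*' matches zero or more characters, '?' exactly one; nothing else is special."""
    si = pi = 0
    star, mark = -1, 0  # last '*' seen in pattern, and where in s it began
    while si < len(s):
        if pi < len(pattern) and pattern[pi] == "*":
            star, mark = pi, si
            pi += 1
        elif pi < len(pattern) and pattern[pi] in ("?", s[si]):
            si += 1
            pi += 1
        elif star != -1:
            mark += 1  # backtrack: the last '*' absorbs one more character
            si, pi = mark, star + 1
        else:
            return False
    return pattern[pi:].strip("*") == ""  # only trailing '*' may remain


def match_pattern_list(s: str, pattern_list: str) -> int:
    """1 = positive match, -1 = a negated pattern matched, 0 = no match at all."""
    positive = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        if match_pattern(s, pat):
            if negated:
                return -1  # a negated hit vetoes the whole list, whatever its position
            positive = True
    return 1 if positive else 0


# Constructed sample: the from= list from the text and made-up client host names.
FROM_LIST = "!*.dialup.example.com,*.example.com"

if __name__ == "__main__":
    for host in ("ws1.example.com", "ppp7.dialup.example.com", "host.example.net"):
        print(host, match_pattern_list(host, FROM_LIST))
    # A list of negations only never matches; it does not mean "everything else".
    print(match_pattern_list("ws1.example.com", "!*.dialup.example.com"))
```

Only a result of 1 should be treated as permission to use the key; both 0 and -1 mean the connecting host is not allowed.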

See also glob(7)



This article is issued from Wikibooks. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.