Good Morning, Reading on PATTERNS in ssh_config(5), I noticed only IPv4 wildcard and range options, but nothing for IPv6? I especially are interested in PATTERNS that have network subnets, like 2001:0DB8:dead:beef::/64 and 192.168.128.0/23 Hendrik
On 2025/10/09 08:43, hvjunk wrote:> Good Morning, > > Reading on PATTERNS in ssh_config(5), I noticed only IPv4 wildcard and range options, but nothing for IPv6? > > I especially are interested in PATTERNS that have network subnets, like 2001:0DB8:dead:beef::/64 and 192.168.128.0/23PATTERNS specifically documents the string based pattern matches which apply for various things including those that aren't addresses. While there are no examples there showing v6 addresses, the same match types for ? and * apply. (there are no examples in PATTERNS for bit masks in v4 addresses either). Bit mask matches are allowed where IP addresses are given and this is usually documented when an option takes an address - search in ssh_config or sshd_config for CIDR or masklen and you'll find some examples including for IPv6.
What are you trying to do? Most of the things that take addresses support
IPv6 CIDR masks, eg:
$ cat test_config
Match localnetwork 2000::/8
RefuseConnection "address matches"
Match All
RefuseConnection "address does not match"
$ ssh -F test_config foo
test_config line 2: RefuseConnection: address matches
On Thu, 9 Oct 2025 at 17:45, hvjunk <hvjunk at gmail.com> wrote:
> Good Morning,
>
> Reading on PATTERNS in ssh_config(5), I noticed only IPv4 wildcard and
> range options, but nothing for IPv6?
>
> I especially are interested in PATTERNS that have network subnets, like
> 2001:0DB8:dead:beef::/64 and 192.168.128.0/23
>
> Hendrik
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
On 09/10/2025 07:43, hvjunk wrote:> Reading on PATTERNS in ssh_config(5), I noticed only IPv4 wildcard and range options, but nothing for IPv6? > > I especially are interested in PATTERNS that have network subnets, like 2001:0DB8:dead:beef::/64 and 192.168.128.0/23It's not very sophisticated: it's just character matching as documented. Try: Host 2001:db8:dead:beef::* Host 192.168.128.*,192.168.129.* Note that it's only matching on what the user types as the hostname(*) (e.g. "ssh foo at 2001:db8:dead:beef::a:b:c:d"), not the resolved IP address. (*) Optionally also after hostname canonicalization