Using Wildcards in Ubuntu SSH Client Config

This article explains how to use wildcards in the Host definitions of the Ubuntu Linux SSH client configuration file. You will learn about the supported wildcard characters, how the SSH client interprets them, and practical configuration examples to simplify managing multiple remote connections.

Yes, you can use wildcards in the Host definitions of your Ubuntu Linux SSH client configuration file (typically located at ~/.ssh/config or /etc/ssh/ssh_config). Wildcards are highly useful for applying consistent settings—such as usernames, port numbers, or private key paths—across a group of servers without writing separate entries for each one.

Supported Wildcard Characters

The SSH client configuration supports three primary pattern-matching operators in Host definitions:

• * (Asterisk): Matches zero or more characters. This is the most commonly used wildcard.
• ? (Question Mark): Matches exactly one character.
• ! (Exclamation Mark): Negates a match. If placed at the start of a pattern, it excludes hosts that match the subsequent pattern.

Practical Examples

Here is how you can implement wildcards in your ~/.ssh/config file:

1. Matching Subdomains

If you frequently connect to various servers under a specific domain, you can group them using the asterisk wildcard:

Host *.example.com
    User admin
    Port 2222
    IdentityFile ~/.ssh/id_ed25519

In this scenario, running ssh web.example.com or ssh db.example.com will automatically use the username admin, port 2222, and the specified private key.

2. Matching Specific IP Ranges

You can target local network ranges or specific subnets using wildcards:

Host 192.168.1.*
    User localuser
    ForwardX11 yes

Any SSH connection initiated to an IP address starting with 192.168.1. will apply these settings.

3. Single-Character Matching

If your servers follow a strict naming convention with single-digit differences, use the question mark:

Host node-?
    User cluster-admin

This configuration applies to node-1, node-2, or node-a, but will not match node-10 or node-backend.

4. Global Defaults (Catch-All)

You can use a single asterisk to apply fallback settings for all hosts.

Host *
    Compression yes
    ServerAliveInterval 60

How SSH Processes Matches

The SSH client reads the configuration file from top to bottom. For any given connection, it searches for all Host blocks that match the hostname you typed.

If multiple blocks match, SSH merges the configurations. If there is a conflict (for example, two different usernames are defined), the first matching value found in the file takes precedence. Because of this, you should always place your most specific host definitions at the top of the file, and your generic wildcard definitions (like Host *) at the very bottom.