I have a question regarding the OOD_SSHHOST_ALLOWLIST regex syntax, specifically is there a type of regex which would help me format it? We have a cluster which has the following naming convention: node1,node2… node19,node20… and I’m having problems formatting the allow list for those hosts.

I was able to find Rubular: a Ruby regular expression editor which helped with the host_regex , so I’m wondering if there might be something similar if I understood what it was looking for.


I’m not sure what you mean here. Format the regex you need for your hosts? What does the hostnames look like? I see you mention they have node# in their names so are you asking how to write a regex to capture those numbers? Can you send the rest of what the pattern would need to catch?

Sure the pattern is this:




I tried node[1-30] but that didn’t work and I tried node[1-9][0-9] which also didn’t work. Since this cluster is set to retire in the next 6 months I’d be up for something less secure like node?? or node* if that is the proper syntax. Although we are planning on not using padding zeros so a good solution is prefered.


Is this for ssh from the compute hosts to the OnDemand server, or from the OnDemand server to the compute hosts?

I think for the latter, configuring the /etc/ssh/sshd_config on the compute hosts is desired, no?

Wouldn’t the OnDemand AllowHosts be for incoming connections?

They’re globs not regular expressions. You can have several globs and they’re : separated.

So you’d probably need something like node[0-9]:node[0-9][0-9], one for 1 digit and another for 2. You can use stars, * but it is less secure - or at least could grab nodes you don’t want folks shelling into.


Thanks for the clarification. That makes sense.

@bennet This was from the OOD host to the nodes, specifically clicking on the node name in the interactive sessions tab. I thought it was a networking problem, but when one of the abnormally nodes worked I realized it was this entry not matching.

And thank you for the clarification, as well. This is an outbound list from OnDemand, I now see. Sorry for the noise.