SSH Public Key Regex Pattern
Matches an OpenSSH public key in the format: type base64 [comment].
Pattern
^ssh-(?:rsa|ed25519|dss|ecdsa-sha2-nistp(?:256|384|521))\s+[A-Za-z0-9+/]+=*(?:\s+\S+)?$Tested examples
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== user@hostssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIabcdefssh-foo barrsa AAAA==Test it live
Live Regex TesterJS
0 matches/
/g
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== user@host ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIabcdef
Use it in your language
Use it in
// JavaScript / Node.js
const regex = /^ssh-(?:rsa|ed25519|dss|ecdsa-sha2-nistp(?:256|384|521))\s+[A-Za-z0-9+/]+=*(?:\s+\S+)?$/;
const value = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ== user@host";
const isMatch = regex.test(value);
console.log(isMatch); // true / false
// Extract all matches
const matches = value.match(/^ssh-(?:rsa|ed25519|dss|ecdsa-sha2-nistp(?:256|384|521))\s+[A-Za-z0-9+/]+=*(?:\s+\S+)?$/g) || [];Tags
Frequently asked questions
How do I use the SSH Public Key regex pattern in JavaScript?
Wrap the pattern in slashes: const re = /^ssh-(?:rsa|ed25519|dss|ecdsa-sha2-nistp(?:256|384|521))\s+[A-Za-z0-9+/]+=*(?:\s+\S+)?$/; — then call re.test(value) to check a single value, or value.match(re) to find matches. The "Use it in" snippets above give you the exact code for 9 languages.
Is this ssh public key regex production-ready?
Yes — every pattern in the library is tested against valid and invalid examples. Still, regex is one layer in a defense-in-depth strategy: pair it with server-side validation (e.g. Luhn for credit cards, mod-97 for IBAN, real DNS lookup for emails) for critical inputs.
Why does my pattern fail in another language?
Different regex engines (PCRE, Java, Python, Go's RE2) support slightly different syntax. The most common gotchas: lookbehinds (not in RE2), named groups syntax, and how backslashes need to be escaped inside string literals. The code snippets above already escape correctly for each language.
Can I edit this pattern and test it live?
Yes — use the live tester above. Type your test string and toggle flags (g, i, m, s, u, y) to see matches highlighted instantly, including capture groups.
Related patterns
See all Security →Security
SQL Injection Detection
Detects suspicious SQL injection patterns.
SecurityStrong Password
At least 12 characters with lowercase, uppercase, digit, and special character.
SecurityJWT Token
Validates the structure of a JSON Web Token (three Base64URL parts separated by dots).
SecurityUltra-Secure Password
Minimum 12 characters, must include uppercase, lowercase, number, and special character.
SecurityBasic XSS Detection
Detects common XSS patterns.
SecurityTOTP / OTP Code
Validates 6-digit one-time passwords (TOTP, Google Authenticator, SMS OTP).
Browse the full library — 250 tested regex patterns across 16 categories.