For host based access control, you can allow or deny hosts by entering a list of hostnames (like www.foo.com), IP addresses or hostname patterns (like *.foo.com). This kind of access control is not supported by all SSH server versions though.

For user or group based access control, user names can be either local login accounts (like jcameron), account patterns (like jcam*) or a combination of login and client hostname (like jcameron@www.foo.com). Allowed or denied groups can also be plain group names or group name patterns, but cannot include hostnames.