Home/ Questions/Q 8201807
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T06:56:25+00:00

I am not a regular expressions expert, but I thought I understood the basics.

  • 0

I am not a regular expressions expert, but I thought I understood the basics. I was reading a tutorial that mentioned using this syntax:

$ ps -ewwo pid,args | grep [s]sh

to determine if SSHD is running or not.

I do not understand why the first s is in brackets. I would think that ssh and [s]sh would yield the same results, but I actually get different results.

$ ps -ewwo pid,args | grep [s]sh
 1258 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session gnome-session --session=ubuntu
 2988 /usr/sbin/sshd -D

$ ps -ewwo pid,args | grep ssh
 1258 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session gnome-session --session=ubuntu
 2988 /usr/sbin/sshd -D
 3082 grep --color=auto ssh

So why does it find the 3rd result in the second example?

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The regular expressions [a]bc and abc match exactly the same set of strings, but they’re being applied to different data, because the command-line arguments to grep appear in the output of the ps command.

    Using [a]bc causes the literal string "[a]bc" to appear in the output of ps — and this isn’t matched by the regular expression [a]bc.

    The idea is to avoid matching the line for the grep command itself.

    • 0