diff --git a/bin/hardening/99.5.2.4_ssh_keys_from.sh b/bin/hardening/99.5.2.4_ssh_keys_from.sh
index 073963f..5699122 100755
--- a/bin/hardening/99.5.2.4_ssh_keys_from.sh
+++ b/bin/hardening/99.5.2.4_ssh_keys_from.sh
@@ -26,7 +26,7 @@ AUTHKEYFILE_PATTERN_DEFAULT=".ssh/authorized_keys .ssh/authorized_keys2"
 
 ALLOWED_IPS=""
 USERS_TO_CHECK=""
-EXCEPTION_USER=""
+EXCEPTION_USERS=""
 
 ALLOWED_NOLOGIN_SHELLS="/bin/false /usr/sbin/nologin"
 
@@ -137,7 +137,10 @@ audit() {
             continue
         else
             info "User $user has a valid shell ($shell)."
-            if [ "$user" = "root" ] && [ "$user" != "$EXCEPTION_USER" ]; then
+            if grep -qw "$user" <<<"$EXCEPTION_USERS"; then
+                info "User $user is named in EXEPTION_USERS and is thus skipped from check."
+                continue
+            elif [ "$user" = "root" ]; then
                 check_dir /root
                 continue
             elif $SUDO_CMD [ ! -d /home/"$user" ]; then
@@ -164,7 +167,7 @@ status=audit
 # Put authorized IPs you want to allow in "from" field of authorized_keys
 ALLOWED_IPS=""
 USERS_TO_CHECK=""
-EXCEPTION_USER=""
+EXCEPTION_USERS=""
 EOF
 }
 
diff --git a/tests/hardening/99.5.2.4_ssh_keys_from.sh b/tests/hardening/99.5.2.4_ssh_keys_from.sh
index 4da2290..a675d64 100644
--- a/tests/hardening/99.5.2.4_ssh_keys_from.sh
+++ b/tests/hardening/99.5.2.4_ssh_keys_from.sh
@@ -2,7 +2,7 @@
 # run-shellcheck
 test_audit() {
     # shellcheck disable=2154
-    echo 'EXCEPTION_USER="root"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
+    echo 'EXCEPTION_USERS=""' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
 
     skip_tests
     # shellcheck disable=2154
@@ -12,12 +12,29 @@ test_audit() {
     describe Running on blank host
     register_test retvalshouldbe 0
     dismiss_count_for_test
+    register_test contain "[INFO] User root has a valid shell"
     register_test contain "[WARN] secaudit has a valid shell but no authorized_keys file"
     register_test contain "[INFO] User jeantestuser has a valid shell"
     register_test contain "[INFO] User jeantestuser has no home directory"
     # shellcheck disable=2154
     run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
+    mkdir -p /root/.ssh
+    ssh-keygen -N "" -t ed25519 -f /tmp/rootkey1
+    cat /tmp/rootkey1.pub >>/root/.ssh/authorized_keys
+    describe Check /root is used for root user instead of home by placing key without from field
+    register_test retvalshouldbe 1
+    run rootcheck "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+    echo 'EXCEPTION_USERS="root exceptiontestuser"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
+    useradd -s /bin/bash exceptiontestuser
+    describe Check multiple exception users are skipped
+    register_test retvalshouldbe 0
+    register_test contain "[INFO] User root is named in EXEPTION_USERS and is thus skipped from check."
+    register_test contain "[INFO] User exceptiontestuser is named in EXEPTION_USERS and is thus skipped from check."
+    # shellcheck disable=2154
+    run exceptionusers "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
     mkdir -p /home/secaudit/.ssh
     touch /home/secaudit/.ssh/authorized_keys2
     describe empty authorized keys file
@@ -74,7 +91,9 @@ test_audit() {
     run checkuser "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     # Cleanup
+    userdel exceptiontestuser
     userdel jeantestuser
     userdel -r jeantest2
-    rm -f /tmp/key1 /tmp/key1.pub
+    rm -f /tmp/key1 /tmp/key1.pub /tmp/rootkey1.pub
+    rm -rf /root/.ssh
 }