diff --git a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
index bef6154..ac5fd76 100755
--- a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
@@ -19,6 +19,7 @@ DESCRIPTION="Checking permissions and ownership to root 644 for ssh public keys.
 
 DIR='/etc/ssh'
 PERMISSIONS='644'
+PERMISSIONSOK='644 640 600'
 USER='root'
 GROUP='root'
 
@@ -26,22 +27,12 @@ GROUP='root'
 audit() {
     ERRORS=0
     for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub'); do
-        has_file_correct_permissions "$FILE" "$PERMISSIONS"
+        has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
         if [ "$FNRET" = 0 ]; then
             ok "$FILE permissions were set to $PERMISSIONS"
         else
-            has_file_correct_permissions "$FILE" 640
-            if [ "$FNRET" = 0 ]; then
-                ok "$FILE permissions were set to $PERMISSIONS"
-            else
-                has_file_correct_permissions "$FILE" 600
-                if [ "$FNRET" = 0 ]; then
-                    ok "$FILE permissions were set to $PERMISSIONS"
-                else
-                    ERRORS=$((ERRORS + 1))
-                    crit "$FILE permissions were not set to $PERMISSIONS"
-                fi
-            fi
+            ERRORS=$((ERRORS + 1))
+            crit "$FILE permissions were not set to $PERMISSIONS"
         fi
 
     done
@@ -70,22 +61,12 @@ audit() {
 # This function will be called if the script status is on enabled mode
 apply() {
     for FILE in $($SUDO_CMD find $DIR -xdev -type f -name 'ssh_host_*_key.pub'); do
-        has_file_correct_permissions "$FILE" "$PERMISSIONS"
+        has_file_one_of_permissions "$FILE" "$PERMISSIONSOK"
         if [ "$FNRET" = 0 ]; then
             ok "$FILE permissions were set to $PERMISSIONS"
         else
-            has_file_correct_permissions "$FILE" 640
-            if [ "$FNRET" = 0 ]; then
-                ok "$FILE permissions were set to $PERMISSIONS"
-            else
-                has_file_correct_permissions "$FILE" 600
-                if [ "$FNRET" = 0 ]; then
-                    ok "$FILE permissions were set to $PERMISSIONS"
-                else
-                    warn "fixing $DIR SSH public keys permissions to $PERMISSIONS"
-                    chmod 0"$PERMISSIONS" "$FILE"
-                fi
-            fi
+            warn "fixing $DIR SSH public keys permissions to $PERMISSIONS"
+            chmod 0"$PERMISSIONS" "$FILE"
         fi
     done
 
diff --git a/lib/utils.sh b/lib/utils.sh
index 4ef7666..8237073 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -90,19 +90,17 @@ has_file_correct_ownership() {
 
 has_file_one_of_ownership() {
     local FILE=$1
-    local USERS_OK=$2
+    local USER=$2
     local GROUPS_OK=$3
 
     local USEROK=1
     local GROUPOK=1
-    
-    for USER in $USERS_OK; do
-        local USERID
-        USERID=$(id -u "$USER")
-        if [ "$($SUDO_CMD stat -c "%u" "$FILE")" = "$USERID" ]; then
-            USEROK=0
-        fi
-    done
+
+    local USERID
+    USERID=$(id -u "$USER")
+    if [ "$($SUDO_CMD stat -c "%u" "$FILE")" = "$USERID" ]; then
+        USEROK=0
+    fi
 
     for GROUP in $GROUPS_OK; do
         local GROUPID
@@ -130,6 +128,17 @@ has_file_correct_permissions() {
     fi
 }
 
+has_file_one_of_permissions() {
+    local FILE=$1
+    local PERMISSIONS=$2
+    FNRET=1
+    for PERMISSION in $PERMISSIONS; do
+        if [ "$($SUDO_CMD stat -L -c "%a" "$FILE")" = "$PERMISSION" ]; then
+            FNRET=0
+        fi
+    done
+}
+
 does_pattern_exist_in_file_nocase() {
     _does_pattern_exist_in_file "-Ei" "$@"
 }