diff --git a/bin/hardening/99.5.4_ssh_keys_from.sh b/bin/hardening/99.5.4_ssh_keys_from.sh
index b0f4b20..a760a5f 100755
--- a/bin/hardening/99.5.4_ssh_keys_from.sh
+++ b/bin/hardening/99.5.4_ssh_keys_from.sh
@@ -22,6 +22,7 @@ AUTHKEYFILE_PATTERN=""
 AUTHKEYFILE_PATTERN_DEFAULT=".ssh/authorized_keys .ssh/authorized_keys2"
 
 ALLOWED_IPS=""
+USERS_TO_CHECK=""
 
 ALLOWED_NOLOGIN_SHELLS="/bin/false /usr/sbin/nologin"
 
@@ -111,15 +112,21 @@ audit () {
         debug "Set default pattern for authorized_keys file."
     fi
 
-    for line in $($SUDO_CMD cat /etc/passwd | cut -d ":" -f 1,7); do
+    if [ -z "$USERS_TO_CHECK" ]; then
+        USERS_TO_CHECK=$($SUDO_CMD cat /etc/passwd | cut -d ":" -f 1)
+        debug "Checking all users: $USERS_TO_CHECK"
+    else
+        debug "Checking only selected users: $USERS_TO_CHECK"
+    fi
+
+    for user in $USERS_TO_CHECK; do
         # Checking if at least one AuthKeyFile has been found for this user
         FOUND_AUTHKF=0
-        user=$(echo "$line" | cut -d ":" -f 1);
-        shell=$(echo "$line" | cut -d ':' -f 2);
+        shell=$(getent passwd "$user" | cut -d ':' -f 7);
         if grep -q "$shell" <<< "$ALLOWED_NOLOGIN_SHELLS" ; then
             continue
         else
-            info "User $user has a valid shell.";
+            info "User $user has a valid shell ($shell).";
             if [ "x$user" = "xroot" ]; then
                 check_dir /root
                 continue
@@ -146,6 +153,7 @@ create_config() {
 status=audit
 # Put authorized IPs you want to allow in "from" field of authorized_keys
 ALLOWED_IPS=""
+USERS_TO_CHECK=""
 EOF
 }
 
diff --git a/tests/hardening/99.5.4_ssh_keys_from.sh b/tests/hardening/99.5.4_ssh_keys_from.sh
index 85ebb1a..435f336 100644
--- a/tests/hardening/99.5.4_ssh_keys_from.sh
+++ b/tests/hardening/99.5.4_ssh_keys_from.sh
@@ -45,8 +45,17 @@ test_audit()  {
     register_test retvalshouldbe 0
     run allwdfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 
+    useradd -s /bin/bash -m jeantest2
+    # shellcheck disable=2016
+    echo 'USERS_TO_CHECK="jeantest2 secaudit"' >>  /opt/debian-cis/etc/conf.d/"${script}".cfg
+    describe Check only specified user
+    register_test retvalshouldbe 0
+    run checkuser /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+
     # Cleanup
     userdel jeantestuser
+    userdel jeantest2
     rm -f /tmp/key1 /tmp/key1.pub
 }