diff --git a/wo/cli/plugins/secure.py b/wo/cli/plugins/secure.py
index 7016c4d..a0ac649 100644
--- a/wo/cli/plugins/secure.py
+++ b/wo/cli/plugins/secure.py
@@ -172,7 +172,12 @@ class WOSecureController(CementBaseController):
 break
 port = (ssh_line).split(' ')
 current_ssh_port = (port[1]).strip()
- data = dict(sshport=current_ssh_port, allowpass='no')
+ if os.getenv('SUDO_USER'):
+ sudo_user = os.environ['SUDO_USER']
+ else:
+ sudo_user = ''
+ data = dict(sshport=current_ssh_port, allowpass='no',
+ user=sudo_user)
 WOTemplate.render(self, '/etc/ssh/sshd_config', 'sshd.mustache', data)
 WOGit.add(self, ["/etc/ssh"],
diff --git a/wo/cli/templates/sshd.mustache b/wo/cli/templates/sshd.mustache
index cdd2939..2266ee2 100644
--- a/wo/cli/templates/sshd.mustache
+++ b/wo/cli/templates/sshd.mustache
@@ -10,7 +10,7 @@ HostKey /etc/ssh/ssh_host_ed25519_key
 PermitRootLogin without-password
 # Allow ssh access to some users only
-AllowUsers root ubuntu debian
+AllowUsers root ubuntu debian {{user}}
 # allow ssh key Authentication
 PubkeyAuthentication yes
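Review bot: The value of `SUDO_USER` goes from the environment into `/etc/ssh/sshd_config` unchecked, in the added `if os.getenv('SUDO_USER'):` branch, and the template change in `sshd.mustache` puts it on the `AllowUsers` line. Whitespace, a wildcard or a line break in that value would widen the allow-list or add a directive, and a stale value inherited by a root shell would admit an account nobody chose. I would keep the name only when it is well formed and resolves through `pwd.getpwnam`, as sketched below; the pattern is a conservative guess at the account-name rules and should be matched to the target distributions. This needs `re` and `pwd` in scope, and `os` is assumed to be imported already, which the hunk does not show; the enclosing method starts and ends outside the hunk.

```python
# ... unchanged: current_ssh_port is parsed from the existing config ...
sudo_user = os.getenv('SUDO_USER', '')
# Only a well-formed name of an existing account may reach AllowUsers.
if not re.fullmatch(r'[a-z_][a-z0-9_-]{0,31}', sudo_user):
    sudo_user = ''
else:
    try:
        pwd.getpwnam(sudo_user)
    except KeyError:
        sudo_user = ''
data = dict(sshport=current_ssh_port, allowpass='no',
            user=sudo_user)
# ... unchanged: WOTemplate.render and WOGit.add calls ...
```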
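Review bot: The comment above `AllowUsers` does not say where the fourth entry comes from, which matters to whoever audits the rendered file. A line such as `# the last name, when present, is the account that ran wo through sudo` would cover it, written as plain text because a Mustache tag inside the comment would itself be rendered. When the variable is empty the line ends in a trailing space, which sshd should tolerate but is worth confirming with `sshd -t` on a rendered file.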