diff --git a/scanners/access-and-control/1.15-ensure-ssh-ignorerhosts-is-enabled.sh b/scanners/access-and-control/1.15-ensure-ssh-ignorerhosts-is-enabled.sh
index 7acdad89822974769d20c057bf26f43142351380..4b0c99d6406ef9b3de1e19e5a6b1d10afb38b6a3 100644
--- a/scanners/access-and-control/1.15-ensure-ssh-ignorerhosts-is-enabled.sh
+++ b/scanners/access-and-control/1.15-ensure-ssh-ignorerhosts-is-enabled.sh
@@ -1,6 +1,6 @@
 result=false
 
-sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep -Eiq ^ignorerhosts\\s+yes && grep -Eiq 'ignorerhosts\s+yes' /etc/ssh/sshd_config && result=true
+sshd -T -C user=root -C host="$(hostname)" -C addr="$(grep $(hostname) /etc/hosts | awk '{print $1}')" | grep -Eiq ^ignorerhosts\\s+yes && ! (grep -Eiq '^\s*ignorerhosts\s+no\b' /etc/ssh/sshd_config) && result=true
 
 if [ "$result" = true ]; then
     echo "pass"