diff --git a/core/addAndCheckGitRepository.sh b/core/addAndCheckGitRepository.sh
index ac6868f..a002faa 100755
--- a/core/addAndCheckGitRepository.sh
+++ b/core/addAndCheckGitRepository.sh
@@ -38,7 +38,7 @@ function cloneOrPull {
     && return 0
   ! [ -d "${_FOLDER}/.git" ] \
-    && git clone "${_REPOSITORY}" "${_FOLDER}" &> /dev/null \
+    && GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new" git clone "${_REPOSITORY}" "${_FOLDER}" &> /dev/null \
     && return 0
   echo "FAIL: The local repository is not updatable: ("$(readlink -f ${0})")" >&2
diff --git a/core/default/etc/ssh/sshd_config.d/AccessRestriction.conf b/core/default/etc/ssh/sshd_config.d/AccessRestriction.conf
new file mode 100644
index 0000000..a85f086
--- /dev/null
+++ b/core/default/etc/ssh/sshd_config.d/AccessRestriction.conf
@@ -0,0 +1,10 @@
+# Allows user 'root' to use ssh always.
+# This should prevent lockout because access is allowed without group membership.
+# For details see: https://serverfault.com/questions/617081/how-to-use-both-allowgroups-and-allowusers-in-sshd-config
+AllowUsers root
+# 1. Create custom group 'ssh_login' of type system if not exist:
+# - addgroup --system "ssh_login"
+# 2. Additionally allow users of group 'ssh_login' to use ssh only:
+# - adduser "${USER}" "ssh_login"
+Match group ssh_login
+  AllowUsers *
diff --git a/core/defineAuthorizedKeysOfUser.sh b/core/defineAuthorizedKeysOfUser.sh
index 6b9cb23..fcbbed3 100755
--- a/core/defineAuthorizedKeysOfUser.sh
+++ b/core/defineAuthorizedKeysOfUser.sh
@@ -10,6 +10,11 @@ function prepareFolder() {
   _USER="${_HOME_FOLDER##*/}" #Removes longest matching pattern '*/' from the begin
   readonly _HOME_FOLDER _SSH_FOLDER _USER
+  ! id "${_USER}" &> /dev/null \
+    && echo "FAIL: The given user does not exist: ("$(readlink -f ${0})")" \
+    && echo " - '${_USER}'" \
+    && return 1
+
   ! [ -d "${_HOME_FOLDER}" ] \
     && echo "FAIL: The home folder is unavailable: ("$(readlink -f ${0})")" \
     && echo " - '${_HOME_FOLDER}'" \
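Review bot: `StrictHostKeyChecking=accept-new` on the added clone line trusts whatever host key answers the first connection, so on a freshly provisioned host the repository server's identity is never actually verified; pre-seeding the repository host's key from the definitions (for example `-o UserKnownHostsFile=<known_hosts path placeholder>` together with the default `StrictHostKeyChecking=yes`) keeps the check meaningful. `accept-new` is only understood by OpenSSH 7.6 and newer; on an older client ssh rejects the option and, because git's stderr goes to /dev/null, the only symptom is the generic FAIL message, so consider keeping the git error output until the failure path. The pull branch of cloneOrPull lies above the hunk and is not visible here; if it also reaches the remote over ssh it does not receive this setting.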
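Review bot: The new file ends inside the `Match group ssh_login` block, and as far as I know sshd does not close a Match block at the end of an included file, so on a distribution whose sshd_config has `Include /etc/ssh/sshd_config.d/*.conf` near the top, every later-sorted `*.conf` and every global directive after the Include is parsed inside this Match — a later `PasswordAuthentication no` would silently apply only to ssh_login members, and keywords not permitted in Match make sshd refuse the whole configuration; confirm with `sshd -t` and `sshd -T -C user=<name placeholder>` on a target host. If that holds, say so in the header (`# NOTE: keep this Match block last in the effective sshd_config; every directive sshd reads after it belongs to the block`) and consider a file name that sorts last in the directory. sshd also keeps the first value it reads for a keyword, so an `AllowUsers` already present before the Include would override the `AllowUsers root` here rather than the reverse. Because root is allowed by name unconditionally, the surrounding configuration should keep `PermitRootLogin prohibit-password` or stricter; that setting is not visible in this change.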
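Review bot: The two added FAIL lines in prepareFolder print to stdout, matching the existing home-folder check right below them but unlike the FAIL messages in cloneOrPull and in the new ensureGroupMembership, which go to stderr; appending `>&2` to both added `echo` lines keeps diagnostics out of any caller's command substitution. The `$(readlink -f ${0})` fragment copied from the surrounding lines leaves `${0}` unquoted; `"$(readlink -f "${0}")"` is the safe form, though it follows the file's existing style. prepareFolder continues outside the hunk; the user derived from the home-folder basename is validated here and again in ensureGroupMembership, so one of the two `id` checks could be dropped.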
@@ -50,6 +55,40 @@ function prepareFolder() {
   return 1
 }
+function ensureGroupMembership() {
+  local _SSH_GROUP _USER
+  _SSH_GROUP="ssh_login"
+  _USER="${1:?"ensureGroupMembership(): Missing first parameter USER"}"
+  readonly _SSH_GROUP _USER
+
+  ! id "${_USER}" &> /dev/null \
+    && echo "FAIL: The given user does not exist: ("$(readlink -f ${0})")" \
+    && echo " - '${_USER}'" \
+    && return 1
+
+  ! getent group | cut -d: -f1 | grep -qF "${_SSH_GROUP}" \
+    && addgroup --system --quiet "${_SSH_GROUP}" \
+    && adduser --quiet "${_USER}" "${_SSH_GROUP}" \
+    && echo "SUCCESS: Group was created and user was added: ("$(readlink -f ${0})")" \
+    && echo " - Group: '${_SSH_GROUP}'" \
+    && echo " - User: '${_USER}'" \
+    && return 0
+
+  # Ensure the group exists then add user
+  getent group | cut -d: -f1 | grep -qF "${_SSH_GROUP}" \
+    && adduser --quiet "${_USER}" "${_SSH_GROUP}" \
+    && echo "SUCCESS: Group already exists and user was added: ("$(readlink -f ${0})")" \
+    && echo " - Group: '${_SSH_GROUP}'" \
+    && echo " - User: '${_USER}'" \
+    && return 0
+
+  echo "FAIL: The user could not be added to the group: ("$(readlink -f ${0})")" >&2
+  echo " - Group: '${_SSH_GROUP}'" >&2
+  echo " - User: '${_USER}'" >&2
+  echo " - due to an error or insufficient rights." >&2
+  return 1
+}
+
 function defineAuthorizedKeysOfUser() {
   local _CIS_ROOT _CORE_SCRIPTS _DOMAIN _DEFINITIONS _USER
   _DEFINITIONS="$(realpath -s "${1:?"Missing first parameter DEFINITIONS: 'ROOT/definitions/DOMAIN'"}")"
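Review bot: Both group-existence checks in ensureGroupMembership, `getent group | cut -d: -f1 | grep -qF "${_SSH_GROUP}"`, are substring matches, so an existing group such as `ssh_login2` or `my_ssh_login` makes the function skip `addgroup` and then fail in `adduser` with the misleading "insufficient rights" message; `getent group "${_SSH_GROUP}" &> /dev/null` is an exact lookup and replaces the pipeline in both places. The same `grep -F` substring test is added to isCoreDefinition in core/ensureUsageOfDefinitions.sh, where an exact comparison such as `[[ "${1}" == '/etc/ssh/sshd_config.d/AccessRestriction.conf' ]]` would avoid accepting any path that merely contains that string. `addgroup`/`adduser` are Debian-family tools; if other distributions are in scope, `groupadd -r` and `usermod -aG` are the portable counterparts, though that is beyond this hunk. A header comment on the function would help, e.g. `# Creates the system group ssh_login when missing and adds USER to it; this membership is what the Match block in AccessRestriction.conf keys on.`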
@@ -67,13 +106,19 @@ function defineAuthorizedKeysOfUser() {
     root)
       prepareFolder "/root/.ssh" \
         && echo \
-        && source "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}ensureUsageOfDefinitions.sh" "${_DEFINITIONS}" "/root/.ssh/authorized_keys" \
+        && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}ensureUsageOfDefinitions.sh" "${_DEFINITIONS}" "/root/.ssh/authorized_keys" \
+        && echo \
+        && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}ensureUsageOfDefinitions.sh" "${_DEFINITIONS}" "/etc/ssh/sshd_config.d/AccessRestriction.conf" \
         && return 0 || return 1
       ;;
     *)
       prepareFolder "/home/${_USER}/.ssh" \
         && echo \
-        && source "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}ensureUsageOfDefinitions.sh" "${_DEFINITIONS}" "/home/${_USER}/.ssh/authorized_keys" \
+        && ensureGroupMembership "${_USER}" \
+        && echo \
+        && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}ensureUsageOfDefinitions.sh" "${_DEFINITIONS}" "/home/${_USER}/.ssh/authorized_keys" \
+        && echo \
+        && "${_CORE_SCRIPTS:?"Missing CORE_SCRIPTS"}ensureUsageOfDefinitions.sh" "${_DEFINITIONS}" "/etc/ssh/sshd_config.d/AccessRestriction.conf" \
         && return 0 || return 1
       ;;
   esac
diff --git a/core/ensureUsageOfDefinitions.sh b/core/ensureUsageOfDefinitions.sh
index 05073e3..f094296 100755
--- a/core/ensureUsageOfDefinitions.sh
+++ b/core/ensureUsageOfDefinitions.sh
@@ -15,6 +15,9 @@ function isCoreDefinition() {
   echo "${1:?"Missing first parameter FILE"}" | grep -F '/root/.ssh/authorized_keys' &> /dev/null \
     && return 0
+  echo "${1:?"Missing first parameter FILE"}" | grep -F '/etc/ssh/sshd_config.d/AccessRestriction.conf' &> /dev/null \
+    && return 0
+
   echo "${1:?"Missing first parameter FILE"}" | grep -F '/home/jenkins/.ssh/authorized_keys' &> /dev/null \
     && return 0
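Review bot: After ensureUsageOfDefinitions.sh writes /etc/ssh/sshd_config.d/AccessRestriction.conf in both case arms, nothing in this hunk validates the resulting sshd configuration or reloads sshd, so a bad file is only discovered at the next sshd restart — on a remote host exactly the lockout the config's own comment tries to prevent; unless ensureUsageOfDefinitions.sh already does this (it is not visible here), add `&& sshd -t \` before the final `&& return 0 || return 1` in both arms and reload sshd only when that test passes. In the `*)` arm `ensureGroupMembership "${_USER}"` grants the account ssh access via the Match block before its authorized_keys are installed, so with password authentication enabled the account is reachable for the short window until the keys land; moving the ensureGroupMembership call after the authorized_keys step closes that window. The `case` statement begins outside the hunk.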