diff --git a/lib/bkctld-ip b/lib/bkctld-ip
index ba029f5..a71d144 100755
--- a/lib/bkctld-ip
+++ b/lib/bkctld-ip
@@ -17,9 +17,13 @@ jail_path=$(jail_path "${jail_name}")
 test -d "${jail_path}" || error "${jail_name}: jail is missing."
+jail_sshd_config="${jail_path}/${SSHD_CONFIG}"
+
 if [ -z "${ip}" ]; then
 # parse IP addresses from AllowUsers directives in sshd config
- grep -E "^AllowUsers" "${jail_path}/${SSHD_CONFIG}" | grep -Eo "root@[^ ]+" | while read allow; do
+ grep -E "^AllowUsers" "${jail_sshd_config}" \
+ | grep -E -o "root@[^ ]+" \
+ | while read allow; do
 echo "${allow}" | cut -d'@' -f2
 done
 else
@@ -33,7 +37,11 @@ else
 for ip in ${new_ips}; do
 allow_users="${allow_users} root@${ip}"
 done
- sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_path}/${SSHD_CONFIG}"
+ if grep -q -E "^AllowUsers" "${jail_sshd_config}"; then
+ sed -i "s~^AllowUsers .*~${allow_users}~" "${jail_sshd_config}"
+ else
+ error "${jail_name}: No 'AllowUsers' directive found in '${jail_sshd_config}'"
+ fi
 notice "${jail_name}: IP whitelist updated to ${ip}"
 "${LIBDIR}/bkctld-reload" "${jail_name}"
 "${LIBDIR}/bkctld-firewall" "${jail_name}"
diff --git a/test/connectivity.bats b/test/connectivity.bats
index 9004265..8293d12 100644
--- a/test/connectivity.bats
+++ b/test/connectivity.bats
@@ -58,6 +58,14 @@ load test_helper
 assert_success
 }
 
+@test "Missing AllowUsers" {
+ # Remove AllowUsers directive in SSH config
+ sed -i '/^AllowUsers/d' "${JAILPATH}/etc/ssh/sshd_config"
+ # An error should be raised when trying to add an IP restriction
+ run /usr/lib/bkctld/bkctld-ip "${JAILNAME}" "10.0.0.1"
+ assert_failure
+}
+
 @test "SSH connectivity" {
 /usr/lib/bkctld/bkctld-start "${JAILNAME}"
 /usr/lib/bkctld/bkctld-port "${JAILNAME}" "${PORT}"
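Review bot: The list branch (the rewritten grep pipeline in the first hunk) still prints nothing when sshd_config has no AllowUsers line, while the write branch in the second hunk now treats that as an error; an operator running bkctld-ip without an address therefore sees an empty whitelist and cannot tell "no restriction configured" from "directive missing". The same guard would make both paths agree: `grep -q -E "^AllowUsers" "${jail_sshd_config}" || error "${jail_name}: No 'AllowUsers' directive found in '${jail_sshd_config}'"` before the pipeline. While the pipeline is being reflowed, `while read allow` should become `while IFS= read -r allow`, and `echo "${allow}" | cut -d'@' -f2` can be `printf '%s\n' "${allow#*@}"`, which drops two forks per address. The if/else this sits in continues past the end of the hunk.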
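Review bot: The new `grep -q -E "^AllowUsers"` guard and the `sed` it protects use different patterns: grep accepts any line starting with `AllowUsers` (a tab after the keyword, or a longer word), whereas the sed only rewrites `^AllowUsers .*` with a literal space, so such a line passes the check, is left untouched, and the script still goes on to print `IP whitelist updated` and reload. Aligning the two, e.g. `grep -q -E "^AllowUsers[[:space:]]"` and `s~^AllowUsers[[:space:]].*~${allow_users}~`, closes that gap (sshd accepts tabs as separators). Separately, `${allow_users}` is interpolated unescaped into the sed replacement, so a value in `${new_ips}` containing `~`, `&` or `\` — where `new_ips` is parsed is outside this hunk — would corrupt the directive rather than be rejected; validating each `${ip}` as an address or CIDR before the loop keeps a malformed argument from rewriting sshd_config. If `error` does not terminate the script, the else branch also falls through to the `notice`, reload and firewall lines, which is worth confirming against its definition. The enclosing `else` branch opens before this hunk.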
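Review bot: The new test deletes the directive from the jail's live sshd_config with `sed -i` and never restores it, so whether the following "SSH connectivity" test runs against an intact config depends on test_helper's setup/teardown, which is not visible here; a comment such as `# relies on test_helper recreating the jail before each test` or an explicit restore step would make that dependency visible. `assert_failure` alone also passes for any non-zero exit (a missing jail, for instance); adding `assert_output --partial "No 'AllowUsers' directive found"` ties the failure to the branch this commit introduces. The list mode (no IP argument) on a config without AllowUsers is not exercised by this test.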