diff --git a/config/hooks/live/9930_hardening_ssh.chroot b/config/hooks/live/9930_hardening_ssh.chroot
index 9713e0f..ae1a773 100644
--- a/config/hooks/live/9930_hardening_ssh.chroot
+++ b/config/hooks/live/9930_hardening_ssh.chroot
@@ -12,14 +12,7 @@ set -Ceuo pipefail
 printf "\e[95m++++ ++++ ++++ ++++ ++++ ++++ ++ 🧪 '%s' starting ... \e[0m\n" "${0}"
-declare _key="" _old_nullglob="" _old_dotglob="" _old_failglob=""
-
-### Enable nullglob/dotglob, disable failglob for safe globbing.
-_old_nullglob="$(shopt -p nullglob || true)"
-_old_failglob="$(shopt -p failglob || true)"
-
-shopt -s nullglob
-shopt -u failglob
+declare _key=""
 cd /etc/ssh
@@ -27,8 +20,14 @@ rm -rf ssh_host_*key*
 if [[ -d /root/ssh ]]; then
- mv /root/ssh/ssh_host_*key* /etc/ssh
- mv /root/ssh/*sha256sum.txt /etc/ssh
+ if compgen -G "/root/ssh/ssh_host_*" > /dev/null; then
+ mv -t /etc/ssh -- /root/ssh/ssh_host_*
+ fi
+
+ if compgen -G "/root/ssh/*sha256sum.txt" > /dev/null; then
+ mv -t /etc/ssh -- /root/ssh/*sha256sum.txt
+ fi
+
 rm -rf /root/ssh
 else
@@ -113,9 +112,6 @@ fi
 /usr/sbin/sshd -t || exit 42
-eval "${_old_nullglob}" 2>/dev/null || true
-eval "${_old_failglob}" 2>/dev/null || true
-
 printf "\e[92m++++ ++++ ++++ ++++ ++++ ++++ ++ ✅ '%s' applied successfully. \e[0m\n" "${0}"
 exit 0
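Review bot: In the first hunk (`@@ -12,14 +12,7 @@`), dropping `shopt -s nullglob` changes how every later unguarded glob in this hook behaves: a pattern that matches nothing now reaches the command as the literal string. The `rm -rf ssh_host_*key*` visible in the next hunk header tolerates that because of `-f`. The retained `_key` variable, however, suggests a loop over key files somewhere between the hunks, which is not visible here. If such a loop exists, it would need a guard such as `[[ -e "${_key}" ]] || continue` as its first statement. A short comment above `declare _key=""` stating that globs are now guarded individually with `compgen -G` would keep the intent documented.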
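Review bot: In the second hunk (`@@ -27,8 +20,14 @@`), when `/root/ssh` exists but contains no `ssh_host_*` files, both `compgen -G` guards are false, the directory is still removed, and the script continues with /etc/ssh already cleared of host keys by the earlier `rm -rf ssh_host_*key*`. The only later check visible in this diff is `/usr/sbin/sshd -t || exit 42`, so a broken seed directory is reported far from its cause, if at all. Consider failing here instead, with an `else` branch on the first guard that prints a message to stderr and exits non-zero. The new pattern `ssh_host_*` is also wider than the `ssh_host_*key*` used by the cleanup, so any file with that prefix is carried into /etc/ssh. A missing `*sha256sum.txt` is now skipped silently, so if the checksums are verified further down (not visible here), that step may have nothing to check. The surrounding `if`/`else` block continues outside the hunk.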