diff --git a/.travis.yml b/.travis.yml index 0240dc3..2370f24 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,7 @@ addons: packages: - docker-ce - w3m + - shellcheck env: global: @@ -19,6 +20,7 @@ before_script: - export OPENSSH_VERSION="$(w3m -dump "https://pkgs.alpinelinux.org/packages?name=openssh&branch=v${ALPINE_VERSION}" | grep -m 1 "x86" | awk '{print $2}')" script: | + for i in *.sh ; do shellcheck $i ; done && \ docker build \ --no-cache \ --pull \ diff --git a/entrypoint.sh b/entrypoint.sh index ebfd4e3..569e57c 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,9 +1,9 @@ -#!/usr/bin/env sh +#!/usr/bin/env bash set -e # enable debug mode if desired -if [ "${DEBUG}" = "true" ]; then +if [[ "${DEBUG}" == "true" ]]; then set -x fi @@ -16,13 +16,13 @@ log() { RED='\033[1;31m' NO_COLOR='\033[0m' - if [ "${LEVEL}" = "warning" ]; then + if [[ "${LEVEL}" == "warning" ]]; then LOG_LEVEL="${YELLOW}WARN${NO_COLOR}" - elif [ "${LEVEL}" = "error" ]; then + elif [[ "${LEVEL}" == "error" ]]; then LOG_LEVEL="${RED}ERROR${NO_COLOR}" else LOG_LEVEL="${WHITE}INFO${NO_COLOR}" - if [ -z "${TO_LOG}" ]; then + if [[ -z "${TO_LOG}" ]]; then TO_LOG="${1}" fi fi @@ -45,15 +45,15 @@ generate_passwd() { } # ensure backward comaptibility for earlier versions of this image -if [ -n "${KEYPAIR_LOGIN}" ] && [ "${KEYPAIR_LOGIN}" = "true" ]; then +if [[ -n "${KEYPAIR_LOGIN}" ]] && [[ "${KEYPAIR_LOGIN}" == "true" ]]; then ROOT_KEYPAIR_LOGIN_ENABLED="${KEYPAIR_LOGIN}" fi -if [ -n "${ROOT_PASSWORD}" ]; then +if [[ -n "${ROOT_PASSWORD}" ]]; then ROOT_LOGIN_UNLOCKED="true" fi # enable root login if keypair login is enabled -if [ "${ROOT_KEYPAIR_LOGIN_ENABLED}" = "true" ]; then +if [[ "${ROOT_KEYPAIR_LOGIN_ENABLED}" == "true" ]]; then ROOT_LOGIN_UNLOCKED="true" fi 
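Review bot: The added `for i in *.sh ; do shellcheck $i ; done && \` line in `script:` does not gate the build on every script, because a `for` loop returns the status of its last iteration only. A finding in an earlier file is masked whenever the last file is clean, and `$i` is unquoted. shellcheck takes several files in one call and exits non-zero if any of them has findings, so `shellcheck ./*.sh && \` does the same job and fails the build reliably.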
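Review bot: The new shebang `#!/usr/bin/env bash` needs bash inside the image, and nothing in this diff installs it. The build targets Alpine (see `ALPINE_VERSION` in .travis.yml), whose base image, as far as I know, ships only BusyBox ash. Unless the Dockerfile already adds the package, the container will fail at start, so the same commit should carry something like `apk add --no-cache bash` in the image's install step. A header comment such as `# requires bash: uses [[ ]] and &>` would record why the interpreter changed.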
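Review bot: In the backward-compatibility block, `[[ -n "${KEYPAIR_LOGIN}" ]] && [[ "${KEYPAIR_LOGIN}" == "true" ]]` tests the same thing twice, since a value equal to `true` is never empty. `if [[ "${KEYPAIR_LOGIN}" == "true" ]]; then` is enough, and the assignment can then be the literal `ROOT_KEYPAIR_LOGIN_ENABLED="true"`. The comment above it also has a typo (`comaptibility`).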
@@ -68,20 +68,20 @@ ssh-keygen -A 1>/dev/null log "Applying configuration for 'root' user ..." -if [ "${ROOT_LOGIN_UNLOCKED}" = "true" ] ; then +if [[ "${ROOT_LOGIN_UNLOCKED}" == "true" ]] ; then # generate random root password - if [ -z "${ROOT_PASSWORD}" ]; then + if [[ -z "${ROOT_PASSWORD}" ]]; then log " generating random password for user 'root'" ROOT_PASSWORD="$(generate_passwd)" fi - echo "root:${ROOT_PASSWORD}" | chpasswd >/dev/null 2>&1 + echo "root:${ROOT_PASSWORD}" | chpasswd &>/dev/null log " password for user 'root' set" log "warning" " user 'root' is now UNLOCKED" # set root login mode by password or keypair - if [ "${ROOT_KEYPAIR_LOGIN_ENABLED}" = "true" ] && [ -f "${HOME}/.ssh/authorized_keys" ] ; then + if [[ "${ROOT_KEYPAIR_LOGIN_ENABLED}" == "true" ]] && [[ -f "${HOME}/.ssh/authorized_keys" ]]; then sed -i "s/#PermitRootLogin.*/PermitRootLogin without-password/" /etc/ssh/sshd_config sed -i "s/#PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config ensure_mod "${HOME}/.ssh/authorized_keys" "0600" "root" "root" @@ -99,11 +99,11 @@ else fi -printf "\n" "" +printf "\n" log "Applying configuration for additional users ..." -if [ ! -x "${USER_LOGIN_SHELL}" ]; then +if [[ ! -x "${USER_LOGIN_SHELL}" ]]; then log "error" " can not allocate desired shell '${USER_LOGIN_SHELL}', falling back to '${USER_LOGIN_SHELL_FALLBACK}' ..." USER_LOGIN_SHELL="${USER_LOGIN_SHELL_FALLBACK}" fi @@ -111,7 +111,7 @@ fi log " desired shell is ${USER_LOGIN_SHELL}" -if [ -n "${SSH_USERS}" ]; then +if [[ -n "${SSH_USERS}" ]]; then IFS="," for USER in ${SSH_USERS}; do 
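Review bot: With `DEBUG=true` the script runs under `set -x`, so the changed line `echo "root:${ROOT_PASSWORD}" | chpasswd &>/dev/null` and the `ROOT_PASSWORD="$(generate_passwd)"` assignment above it are traced with the password expanded. That trace normally ends up in the container log. Tracing should be switched off around the password block and restored afterwards, for example `{ set +x; } 2>/dev/null` before it and `if [[ "${DEBUG}" == "true" ]]; then set -x; fi` after it. Because `&>/dev/null` also discards chpasswd's error output while `set -e` is active, a chpasswd failure ends the entrypoint with no message; appending `|| { log "error" " could not set password for user 'root'"; exit 1; }` would leave a reason in the log. The enclosing `if` block continues past the end of this hunk.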
@@ -122,14 +122,14 @@ if [ -n "${SSH_USERS}" ]; then USER_UID="$(echo "${USER}" | cut -d ':' -f 2)" USER_GID="$(echo "${USER}" | cut -d ':' -f 3)" - if [ -z "${USER_NAME}" ] || [ -z "${USER_UID}" ] || [ -z "${USER_GID}" ]; then + if [[ -z "${USER_NAME}" ]] || [[ -z "${USER_UID}" ]] || [[ -z "${USER_GID}" ]]; then log "error" " skipping invalid data '${USER_NAME}' - UID: '${USER_UID}' GID: '${USER_GID}'" continue fi - getent group "${USER_GID}" >/dev/null 2>&1 || addgroup -g "${USER_GID}" "${USER_NAME}" - getent passwd "${USER_NAME}" >/dev/null 2>&1 || adduser -s "${USER_LOGIN_SHELL}" -D -u "${USER_UID}" -G "${USER_NAME}" "${USER_NAME}" - passwd -u "${USER_NAME}" >/dev/null 2>&1 + getent group "${USER_GID}" &>/dev/null || addgroup -g "${USER_GID}" "${USER_NAME}" + getent passwd "${USER_NAME}" &>/dev/null || adduser -s "${USER_LOGIN_SHELL}" -D -u "${USER_UID}" -G "${USER_NAME}" "${USER_NAME}" + passwd -u "${USER_NAME}" &>/dev/null mkdir -p "/home/${USER_NAME}/.ssh" log " user '${USER_NAME}' created - UID: '${USER_UID}' GID: '${USER_GID}'" @@ -137,7 +137,7 @@ if [ -n "${SSH_USERS}" ]; then MOUNTED_AUTHORIZED_KEYS="${AUTHORIZED_KEYS_VOLUME}/${USER_NAME}" LOCAL_AUTHORIZED_KEYS="/home/${USER_NAME}/.ssh/authorized_keys" - if [ ! -e "${MOUNTED_AUTHORIZED_KEYS}" ]; then + if [[ ! -e "${MOUNTED_AUTHORIZED_KEYS}" ]]; then log "warning" " no SSH authorized_keys found for user '${USER_NAME}'" else cp "${MOUNTED_AUTHORIZED_KEYS}" "${LOCAL_AUTHORIZED_KEYS}" @@ -146,7 +146,7 @@ if [ -n "${SSH_USERS}" ]; then log " set mod 0600 on ${LOCAL_AUTHORIZED_KEYS}" fi - printf "\n" "" + printf "\n" done unset IFS
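Review bot: The guard on `USER_NAME`, `USER_UID` and `USER_GID` rejects only empty fields, yet the values come from `SSH_USERS` and go straight into `addgroup`, `adduser`, `mkdir -p "/home/${USER_NAME}/.ssh"` and the authorized_keys paths. A name containing `/` or `..` would point those paths outside `/home`, and `0` is accepted as a UID or GID. Now that the script is bash, the check can validate shape with `[[ "${USER_NAME}" =~ ^[a-z_][a-z0-9_-]*$ && "${USER_UID}" =~ ^[1-9][0-9]*$ && "${USER_GID}" =~ ^[1-9][0-9]*$ ]]`, logging the error and running `continue` when it does not match. The loop this belongs to starts and ends outside the hunk.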
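Review bot: `[[ ! -e "${MOUNTED_AUTHORIZED_KEYS}" ]]` accepts anything that exists, including a directory, in which case the `cp` that follows fails and, under `set -e`, stops the entrypoint. The root branch tests its key file with `-f`. Using `if [[ ! -f "${MOUNTED_AUTHORIZED_KEYS}" ]]; then` here keeps the two consistent and routes the odd case into the existing warning. Part of the `else` branch lies between this hunk and the next one.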