diff --git a/clab/authz_keys.go b/clab/authz_keys.go
index 64e50e959..790225084 100644
--- a/clab/authz_keys.go
+++ b/clab/authz_keys.go
@@ -50,7 +50,7 @@ func (c *CLab) CreateAuthzKeysFile() error {
 
 	log.Debugf("extracted %d keys from ssh-agent", len(keys))
 	for _, k := range keys {
-		b.WriteString(k + "\n")
+		addKeyToBuffer(b, k)
 	}
 
 	for _, fn := range all {
@@ -79,8 +79,7 @@ func addKeyToBuffer(b *bytes.Buffer, key string) {
 		return
 	}
 
-	key = elems[0] + " " + elems[1]
-	if !strings.Contains(b.String(), key) {
+	if !strings.Contains(b.String(), elems[1]) {
 		b.WriteString(key + "\n")
 	}
 }
diff --git a/utils/file.go b/utils/file.go
index 783b32941..ae7a3b169 100644
--- a/utils/file.go
+++ b/utils/file.go
@@ -13,6 +13,7 @@ import (
 	"net/http"
 	"net/url"
 	"os"
+	"os/user"
 	"path/filepath"
 	"strings"
 
@@ -169,10 +170,24 @@ func ReadFileContent(file string) ([]byte, error) {
 }
 
 // ExpandHome expands `~` char in the path to home path of a current user in provided path p.
+// When sudo is used, it expands to home dir of a sudo user.
 func ExpandHome(p string) string {
-	userPath, _ := os.UserHomeDir()
+	// current user home dir, used when sudo is not used
+	// or when errors occur during sudo user lookup
+	curUserHomeDir, _ := os.UserHomeDir()
 
-	p = strings.Replace(p, "~", userPath, 1)
+	userId, isSet := os.LookupEnv("SUDO_UID")
+	if !isSet {
+		return curUserHomeDir
+	}
+
+	// lookup user to figure out Home Directory
+	u, err := user.LookupId(userId)
+	if err != nil {
+		return curUserHomeDir
+	}
+
+	p = strings.Replace(p, "~", u.HomeDir, 1)
 
 	return p
 }