centralized authorized_keys location

roles/sshd/tasks/main.yml

@@ -6,6 +6,11 @@
     mode: '0644'
     owner: root
 
+- name: create authorized_keys directory
+  file:
+    state: directory
+    path: /etc/ssh/authorized_keys
+
 - name: setup host ssh certificates
   include_tasks: certs.yml
 

roles/sshd/templates/sshd_config.j2

@@ -38,7 +38,7 @@ PubkeyAuthentication yes
 
 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
 # but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile	.ssh/authorized_keys
+AuthorizedKeysFile  /etc/ssh/authorized_keys/%u
 
 #AuthorizedPrincipalsFile none