From 5c35bd5872fd678508512a3dbf860a41fa417883 Mon Sep 17 00:00:00 2001 From: Ricard Illa Date: Fri, 4 Nov 2022 16:47:52 +0100 Subject: [PATCH] centralized authorized_keys location --- roles/sshd/tasks/main.yml | 5 +++++ roles/sshd/templates/sshd_config.j2 | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml index 7099ce7..17643dc 100644 --- a/roles/sshd/tasks/main.yml +++ b/roles/sshd/tasks/main.yml @@ -6,6 +6,11 @@ mode: '0644' owner: root +- name: create authorized_keys directory + file: + state: directory + path: /etc/ssh/authorized_keys + - name: setup host ssh certificates include_tasks: certs.yml diff --git a/roles/sshd/templates/sshd_config.j2 b/roles/sshd/templates/sshd_config.j2 index fd0687d..7ec6ae7 100644 --- a/roles/sshd/templates/sshd_config.j2 +++ b/roles/sshd/templates/sshd_config.j2 @@ -38,7 +38,7 @@ PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys -AuthorizedKeysFile .ssh/authorized_keys +AuthorizedKeysFile /etc/ssh/authorized_keys/%u #AuthorizedPrincipalsFile none
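Review bot: The new `create authorized_keys directory` task sets no `owner`, `group` or `mode`, so the directory that now holds every account's login keys gets whatever the umask and the task's effective user happen to produce. The preceding task in this file pins `mode: '0644'` and `owner: root`; this one should be just as explicit, with `owner: root`, `group: root` and `mode: '0755'`. If the directory were writable by anyone other than root, other accounts could add or replace key files, and with StrictModes enabled sshd refuses key files under a group- or world-writable path. Nothing in this patch creates the per-user files, so presumably another role does, and those files need the same ownership and mode care.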
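Review bot: The two comment lines above `AuthorizedKeysFile` still say installations will only check `.ssh/authorized_keys`, which is no longer true once the directive points at `/etc/ssh/authorized_keys/%u`. Replace them with something like `# Keys are read only from /etc/ssh/authorized_keys/%u (%u = login name); ~/.ssh/authorized_keys is ignored`. Keys kept in home directories stop being honoured as soon as sshd reloads this config. It is worth confirming that each account's file exists under the new path before the template is deployed, because the patch does not show that step.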