add ssh authorized keys command

ansible/roles/ldap_client/handlers/main.yaml

@@ -3,3 +3,7 @@
     name: sssd
     state: restarted
 
+- name: restart sshd
+  service:
+    name: sshd
+    state: restarted

ansible/roles/ldap_client/tasks/main.yaml

@@ -1,3 +1,4 @@
 - import_tasks: install.yaml
 - import_tasks: authselect.yaml
 - import_tasks: nsswitch.yaml
+- import_tasks: sshd.yaml

ansible/roles/ldap_client/tasks/sshd.yaml

@@ -0,0 +1,14 @@
+- name: Ensure sshd has AuthorizedKeysCommand
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^AuthorizedKeysCommand'
+    line: 'AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys'
+  notify: restart sshd
+
+- name: Ensure sshd has AuthorizedKeysCommandUser
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^AuthorizedKeysCommandUser'
+    line: 'AuthorizedKeysCommandUser nobody'
+  notify: restart sshd
+