diff --git a/ansible/roles/ldap_client/tasks/sshd.yaml b/ansible/roles/ldap_client/tasks/sshd.yaml
index bc72022..3fc8b9a 100644
--- a/ansible/roles/ldap_client/tasks/sshd.yaml
+++ b/ansible/roles/ldap_client/tasks/sshd.yaml
@@ -1,14 +1,16 @@
 - name: Ensure sshd has AuthorizedKeysCommand
 lineinfile:
+ state: present
 path: /etc/ssh/sshd_config
- regexp: '^AuthorizedKeysCommand'
+ regexp: '^#?AuthorizedKeysCommand'
 line: 'AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys'
 notify: restart sshd
 - name: Ensure sshd has AuthorizedKeysCommandUser
 lineinfile:
+ state: present
 path: /etc/ssh/sshd_config
- regexp: '^AuthorizedKeysCommandUser'
+ regexp: '^#?AuthorizedKeysCommandUser'
 line: 'AuthorizedKeysCommandUser nobody'
 notify: restart sshd
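Review bot: The first task's pattern `'^#?AuthorizedKeysCommand'` is a prefix match, so it also matches `AuthorizedKeysCommandUser` lines, and lineinfile rewrites the last line that matches. If the target sshd_config has a commented or active `AuthorizedKeysCommandUser` line after the `AuthorizedKeysCommand` one (the file is not shown here, but this is the usual layout), the first task overwrites the User line and the second task appends it again at the end of the file. The same swap would then repeat on every run, so the role would never converge, would accumulate duplicate `AuthorizedKeysCommand` lines and would notify `restart sshd` each time. Terminate the directive name in both patterns, for example `regexp: '^#?AuthorizedKeysCommand\s'` and `regexp: '^#?AuthorizedKeysCommandUser\s'`. A short comment above the first task saying that the trailing `\s` keeps it off the `...User` directive would stop a later edit from loosening it again.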