- name: Ensure sshd has AuthorizedKeysCommand
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^AuthorizedKeysCommand'
    line: 'AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys'
  notify: restart sshd

- name: Ensure sshd has AuthorizedKeysCommandUser
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^AuthorizedKeysCommandUser'
    line: 'AuthorizedKeysCommandUser nobody'
  notify: restart sshd