- name: Ensure sshd has AuthorizedKeysCommand
  lineinfile:
    state: present
    path: /etc/ssh/sshd_config
    regexp: '^#?AuthorizedKeysCommand'
    line: 'AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys'
  notify: restart sshd

- name: Ensure sshd has AuthorizedKeysCommandUser
  lineinfile:
    state: present
    path: /etc/ssh/sshd_config
    regexp: '^#?AuthorizedKeysCommandUser'
    line: 'AuthorizedKeysCommandUser nobody'
  notify: restart sshd