Improve SSH key management

tasks/openssh.yml

@@ -17,16 +17,17 @@
 
 - name: openssh - config
   template:
-      dest: /etc/ssh/sshd_config
-      src: sshd_config.j2
-      owner: root
-      group: root
-      mode: 0644
-      validate: '/usr/sbin/sshd -T -f %s'
+    dest: /etc/ssh/sshd_config
+    src: sshd_config.j2
+    owner: root
+    group: root
+    mode: 0644
+    validate: '/usr/sbin/sshd -T -f %s'
   notify: reload openssh
 
 - name: openssh - root keys
-  authorized_key: user=root key={{ common_openssh_keys_root | join("\n") }} exclusive=yes
+  authorized_key: "user=root key={{ item.key }} state={{ item.state | default('present') }}"
+  with_items: "{{ common_openssh_keys_root }}"
   when: common_openssh_keys_root
   tags: 'ssh-keys'