diff --git a/tasks/deploy-ssh-keys.yml b/tasks/deploy-ssh-keys.yml
index b1f23de..3b4b2b0 100644
--- a/tasks/deploy-ssh-keys.yml
+++ b/tasks/deploy-ssh-keys.yml
@@ -6,7 +6,7 @@
 state: directory
 owner: "{{ item.name }}"
 group: "{{ item.name }}"
- mode: 0644
+ mode: 0755
 loop: "{{ _users_local }}"

 - name: Update authorized keys
@@ -17,3 +17,13 @@
 state: present
 exclusive: true
 loop: "{{ _users_local }}"
+
+- name: Enforce ownership of authorized keys
+ become: true
+ file:
+ path: /home/{{ item.name }}/.ssh/authorized_keys
+ state: touch
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ mode: 0444
+ loop: "{{ _users_local }}"
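Review bot: `mode: 0755` lets every local account list and traverse this directory. The task's `path:` is outside the hunk, but if it is the per-user `.ssh` directory, the conventional setting is `mode: "0700"`, which is all the owner and sshd need. The old 0644 had no execute bit, so the owner could not enter the directory; 0700 fixes that without opening it to group and other. Quoting the value also removes any reliance on the YAML parser reading a bare `0755` as octal.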
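Review bot: `mode: 0444` in the new task makes every user's authorized_keys readable by all local accounts, and it does not restrict the owner, who can chmod a file they own. `mode: "0600"` is the conventional setting and still passes sshd's StrictModes check. Separately, `state: touch` updates the timestamps on every run, so the task always reports changed and would create an empty file if one were missing. Adding `modification_time: preserve` and `access_time: preserve` keeps it idempotent; `state: file` would also work, assuming the preceding authorized-keys task has already created the file.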