diff --git a/base.yml b/base.yml
index 0c6f3bfc..db008021 100644
--- a/base.yml
+++ b/base.yml
@@ -19,6 +19,7 @@
 - silice.adm.crans.org
 roles:
 - debian-apt-sources
+ - common-security
 - common-tools
 - rsync-client
 - ntp-client
diff --git a/roles/common-security/tasks/main.yml b/roles/common-security/tasks/main.yml
new file mode 100644
index 00000000..3212ca0a
--- /dev/null
+++ b/roles/common-security/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+- name: Delete authorized SSH keys for root account
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - /root/.ssh/authorized_keys
+ - /root/.ssh/authorized_keys2
+
diff --git a/roles/ldap-client/tasks/main.yml b/roles/ldap-client/tasks/main.yml
index 334b0ff1..80a346cd 100644
--- a/roles/ldap-client/tasks/main.yml
+++ b/roles/ldap-client/tasks/main.yml
@@ -36,11 +36,3 @@
 dest: /etc/pam.d/common-account
 regexp: 'pam_mkhomedir\.so'
 line: "session required pam_mkhomedir.so skel=/etc/skel/ umask=0077"
-
-# If LDAP crashes
-- name: Install SSH keys for root account
- authorized_key:
- user: root
- key: "{{ ssh_pub_keys }}"
- state: present
- exclusive: true
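Review bot: In the new roles/common-security/tasks/main.yml, the `file: state: absent` loop only removes root keys at the two default paths, and only when the play runs. Nothing in the role stops sshd from accepting a root key if `AuthorizedKeysFile` points elsewhere or if a key file is recreated between runs. If the intent is that root never logs in over SSH with a key, I would also have this role enforce `PermitRootLogin no` in sshd_config, assuming no other role already manages that file (none is visible in this diff). Because the same commit drops the "If LDAP crashes" key install from roles/ldap-client, the task deserves a comment naming the remaining recovery path, for example `# Root SSH keys are no longer the fallback when LDAP is down; use <documented break-glass access>`. It is also worth confirming that Ansible itself does not connect to these hosts as root with one of the deleted keys.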