diff --git a/roles/common/files/ssh-pub-keys/aorth-ed25519-rmbp.pub b/roles/common/files/ssh-pub-keys/aorth-ed25519-rmbp.pub
new file mode 100644
index 0000000..bbe7683
--- /dev/null
+++ b/roles/common/files/ssh-pub-keys/aorth-ed25519-rmbp.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsMqYkvBnQ51kybGNIAZq0Dkoo3nL1tti/VYIIlJiHH aorth@Alans-MBP
diff --git a/roles/common/files/ssh-pub-keys/aorth-rsa-rmbp.pub b/roles/common/files/ssh-pub-keys/aorth-rsa-rmbp.pub
new file mode 100644
index 0000000..d03218b
--- /dev/null
+++ b/roles/common/files/ssh-pub-keys/aorth-rsa-rmbp.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDDvdEwl+1Ti3Ysr4qUQMwMcOUNjeZqpSikwONqr+qPtnmYImGTsJzpMh7wsMHHoONC55VYEMB06pP9d13TXziufZNqOnNIj4Z0ZPXTz+5BY8oU1cINr+Z4gxylhsgFRUc3J3lI99HHKUg/M7KyaFc0jNQOegm+cUHE7FSmWLdhjgVm5F3ex5UNuF/qXmn9W0mABbZPMU4OVQ5iDminkrMDTNX9Ay4xFM/ToRWxW6ZooYFbZx3XJ0YpHrpv8YvcdIEEWJ4E5FgcpUgyQXalROionqV+R5wUg1R+Taq6B5amnm5rgGl374rBaHsImq9ATfYZAmp7cIM3rVKidKNzwLT aorth@Alans-MacBook-Pro.local
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index f5f486a..972634b 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -37,4 +37,8 @@
 
 - include: provisioning.yml
   tags: provisioning
+
+- include: ssh-keys.yml
+  tags: ssh-keys
+
 # vim: set sw=2 ts=2:
diff --git a/roles/common/tasks/ssh-keys.yml b/roles/common/tasks/ssh-keys.yml
new file mode 100644
index 0000000..ba78919
--- /dev/null
+++ b/roles/common/tasks/ssh-keys.yml
@@ -0,0 +1,11 @@
+---
+- name: Zero .ssh/authorized_keys for provisioning user
+  file: dest={{ provisioning_user.home }}/.ssh/authorized_keys state=absent
+
+- name: Add public keys to authorized_keys
+  authorized_key: { user: '{{ provisioning_user.name }}', key: "{{ lookup('file',item) }}" }
+  with_fileglob:
+    # use descriptive names for keys, like: aorth-mzito-rsa.pub
+    - ssh-pub-keys/*.pub
+
+# vim: set sw=2 ts=2: