diff --git a/roles/install_arch/tasks/main.yml b/roles/install_arch/tasks/main.yml
index 162f4fb5d11db52a8bba0121c74a49f85d9a696c..0b384d13077bac569c503db38cadc8d5013baba9 100644
--- a/roles/install_arch/tasks/main.yml
+++ b/roles/install_arch/tasks/main.yml
@@ -171,18 +171,11 @@
   register: chroot_systemd_services
   changed_when: "chroot_systemd_services.rc == 0"
 
-- name: assign pubkey list to fact
-  set_fact: pubkey_list="{{ lookup('file', playbook_dir + "/../../pubkeys/" + item) }}"
-  register: pubkeys
-  vars:
-    playbook_dir: "{{ playbook_dir }}"
-  with_items: "{{ root_ssh_keys }}"
-
-- name: assign pubkey string to fact
-  set_fact: pubkey_string={{ pubkeys.results | map(attribute='ansible_facts.pubkey_list') | join('\n') }}
-
 - name: add authorized key for root
-  authorized_key: user=root key="{{ pubkey_string }}" path=/tmp/root.x86_64/mnt/root/.ssh/authorized_keys exclusive=yes
+  include_role:
+    name: root_ssh
+  vars:
+    root_ssh_directory: /tmp/root.x86_64/mnt/root/.ssh
 
 - name: configure sshd
   template: src=sshd_config.j2 dest=/mnt/etc/ssh/sshd_config owner=root group=root mode=0644
diff --git a/roles/root_ssh/defaults/main.yml b/roles/root_ssh/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..35e935459a5de12cf435525a00e4425df08e31a2
--- /dev/null
+++ b/roles/root_ssh/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+root_ssh_directory: /root/.ssh
diff --git a/roles/root_ssh/tasks/main.yml b/roles/root_ssh/tasks/main.yml
index 411652e4749ba09b4150f8d58490a4532eaceca5..1e7f3ddb7d2064993a3a80394ab8ea1931abc8d7 100644
--- a/roles/root_ssh/tasks/main.yml
+++ b/roles/root_ssh/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
 
+- name: create .ssh directory
+  file: path={{ root_ssh_directory }} state=directory owner=root group=root mode=0700
+
 - name: add authorized keys for root
-  template: src=authorized_keys.j2 dest=/root/.ssh/authorized_keys mode=0600 owner=root group=root
+  template: src=authorized_keys.j2 dest={{ root_ssh_directory }}/authorized_keys mode=0600 owner=root group=root
diff --git a/roles/root_ssh/templates/authorized_keys.j2 b/roles/root_ssh/templates/authorized_keys.j2
index ed6ef148f4918f5128bcf4a8b3f8130ec5ece044..d513564c83732e64e4225cd1ab9a07e1e5c70648 100644
--- a/roles/root_ssh/templates/authorized_keys.j2
+++ b/roles/root_ssh/templates/authorized_keys.j2
@@ -1,6 +1,6 @@
 #jinja2: lstrip_blocks: True
 {% for user in root_ssh_keys | sort(attribute="key") -%}
 	{% if user.hosts is not defined or inventory_hostname in user.hosts -%}
-		{{ lookup('file', '../pubkeys/' + user.key ) }}
+		{{ lookup('file', role_path + '/../../pubkeys/' + user.key ) }}
 	{% endif %}
 {% endfor %}