diff --git a/roles/websites/darkchestofwonders.us/tasks/main.yml b/roles/websites/darkchestofwonders.us/tasks/main.yml
index 720951e..b42e6f3 100644
--- a/roles/websites/darkchestofwonders.us/tasks/main.yml
+++ b/roles/websites/darkchestofwonders.us/tasks/main.yml
@@ -37,6 +37,14 @@
 user: webapp.dcow
 exclusive: true
 
+- name: ensure authorized_keys file permissions are correct
+ file:
+ path: /srv/www/darkchestofwonders.us/.ssh/authorized_keys
+ mode: '0600'
+ owner: webapp.dcow
+ group: webapp.dcow
+ setype: ssh_home_t
+
 - name: ensure virtualenv exists
 become: true
 become_user: webapp.dcow
diff --git a/roles/websites/dustin.hatch.name/tasks/main.yml b/roles/websites/dustin.hatch.name/tasks/main.yml
index e692f68..2bce504 100644
--- a/roles/websites/dustin.hatch.name/tasks/main.yml
+++ b/roles/websites/dustin.hatch.name/tasks/main.yml
@@ -36,6 +36,13 @@
 key: "{{ dchwww_publisher_keys|join('\n') }}"
 user: webapp.dchwww
 exclusive: true
+- name: ensure authorized_keys file permissions are correct
+ file:
+ path: /srv/www/dustin.hatch.name/.ssh/authorized_keys
+ mode: '0600'
+ owner: webapp.dchwww
+ group: webapp.dchwww
+ setype: ssh_home_t
 
 - name: ensure virtualenv exists
 become: true
diff --git a/roles/websites/ebonfire.com/tasks/main.yml b/roles/websites/ebonfire.com/tasks/main.yml
index 238642f..12922ac 100644
--- a/roles/websites/ebonfire.com/tasks/main.yml
+++ b/roles/websites/ebonfire.com/tasks/main.yml
@@ -28,6 +28,14 @@
 key: "{{ ebonfire_publisher_keys|join('\n') }}"
 user: webapp.ebonfire
 exclusive: true
+- name: ensure authorized_keys file permissions are correct
+ file:
+ path: /srv/www/ebonfire.com/.ssh/authorized_keys
+ mode: '0600'
+ owner: webapp.ebonfire
+ group: webapp.ebonfire
+ setype: ssh_home_t
+
 
 - name: ensure apache is configured to serve ebonfire.com
 copy:
diff --git a/roles/websites/nratonpass.com/tasks/main.yml b/roles/websites/nratonpass.com/tasks/main.yml
index 88fa827..fcc0484 100644
--- a/roles/websites/nratonpass.com/tasks/main.yml
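Review bot: The `setype: ssh_home_t` in the new `file` task only relabels the file itself; nothing in the hunk records that type in the SELinux file-context policy, so a later `restorecon` or full relabel would presumably reset `authorized_keys` to the default type for `/srv/www`, and on an enforcing host publisher key logins could then fail without any Ansible change. The same applies to the identical tasks added in the dustin.hatch.name, ebonfire.com and nratonpass.com hunks. Unless a file-context rule for these `.ssh` paths is defined elsewhere (the task lists continue outside the hunks, so this is not visible here), add an `sefcontext` task per site before the new one so the label covers the `.ssh` directory as well as the file and survives relabels. An explicit `state: file` on the new task would also make clear that it expects the preceding `authorized_key` task to have created the file.

```yaml
# … unchanged: authorized_key task ending in "exclusive: true" …
- name: ensure ssh_home_t context for .ssh persists across relabels
  sefcontext:
    target: '/srv/www/darkchestofwonders.us/\.ssh(/.*)?'
    setype: ssh_home_t
    state: present
# … unchanged: "ensure authorized_keys file permissions are correct" task …
```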
+++ b/roles/websites/nratonpass.com/tasks/main.yml
@@ -28,6 +28,13 @@
 key: "{{ nratonpass_publisher_keys|join('\n') }}"
 user: webapp.nratonpass
 exclusive: true
+- name: ensure authorized_keys file permissions are correct
+ file:
+ path: /srv/www/nratonpass.com/.ssh/authorized_keys
+ mode: '0600'
+ owner: webapp.nratonpass
+ group: webapp.nratonpass
+ setype: ssh_home_t
 
 - name: ensure apache is configured to serve nratonpass.com
 copy: