diff --git a/tasks/configure_sftp_server.yml b/tasks/configure_sftp_server.yml
index 39a1d902ba8242554079aa8a15dbffe31b4265d2..80916de9b3b91155718259a4298ba5af5c53d7c7 100644
--- a/tasks/configure_sftp_server.yml
+++ b/tasks/configure_sftp_server.yml
@@ -11,10 +11,24 @@
   block:
     - name: separate Berechtigungen für SFTP-chroot setzen
       file:
-        path: "/home/{{ vault_sftp_upload_user }}/"
-        mode: "0750"
-        owner: "root"
-        group: "{{ vault_sftp_upload_group }}"
+        path: "{{ item.path }}"
+        mode: "{{ item.mode }}"
+        owner: "{{ item.owner }}"
+        group: "{{ item.group }}"
+      loop:
+        - path: "/home/{{ vault_sftp_upload_user }}/"
+          mode: "0750"
+          owner: "root"
+          group: "{{ vault_sftp_upload_group }}"
+        - path: "/home/{{ vault_sftp_upload_user }}/.ssh/"
+          mode: "0700"
+          owner: "{{ vault_sftp_upload_user }}"
+          group: "{{ vault_sftp_upload_group }}"
+        - path: "/home/{{ vault_sftp_upload_user }}/.ssh/authorized_keys"
+          mode: "0600"
+          owner: "{{ vault_sftp_upload_user }}"
+          group: "{{ vault_sftp_upload_group }}"
+
     - name: Konfiguration fuer SFTP-Server einspielen (1/3)
       blockinfile:
         path: "/etc/ssh/sshd_config"
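Review bot: The two new loop items make `.ssh/` and `.ssh/authorized_keys` owned by `{{ vault_sftp_upload_user }}` inside what the task name calls the SFTP chroot, so whoever holds the upload account can rewrite its own key list over SFTP and keep access after a key is rotated. If that is not intended, keep the key material root-owned but readable, e.g. `owner: "root"` with `mode: "0755"` on `.ssh/` and `mode: "0644"` on `authorized_keys`, or point `AuthorizedKeysFile` at a root-owned path outside the chroot. The `sshd_config` block that follows is cut off by the hunk, so I cannot tell whether this is already handled there. Separately, the `file` task sets no `state:`, so it will not create either path and appears to rely on an earlier task having done so; a short comment naming that task would help.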