diff --git a/roles/ssh_keypairs/tasks/main.yml b/roles/ssh_keypairs/tasks/main.yml
index 1a9b6ff5..cf24df0b 100644
--- a/roles/ssh_keypairs/tasks/main.yml
+++ b/roles/ssh_keypairs/tasks/main.yml
@@ -17,6 +17,15 @@
 ansible.builtin.include_vars:
 file: "{{ ssh_keypairs_method ~ '_keypair.yml' }}"

+- name: Ensure that openssh is installed
+ vars:
+ _sshd_service_package:
+ redhat: openssh-server
+ debian: openssh-server
+ ansible.builtin.package:
+ name: "{{ _sshd_service_package[ansible_facts['os_family'] | lower] }}"
+ state: present
+
 - name: Create keypairs
 when: ssh_keypairs_create_keys | bool
 block:
diff --git a/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml b/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml
index 3bb85f43..520b020e 100644
--- a/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml
+++ b/roles/ssh_keypairs/tasks/standalone/install_ssh_ca.yml
@@ -13,11 +13,18 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-- name: Ensure trusted CA directory is present
+- name: Ensure required directories are present
 ansible.builtin.file:
- path: "/etc/ssh/trusted_ca.d"
+ path: "{{ item.path }}"
 state: directory
- mode: "0700"
+ mode: "{{ item.mode }}"
+ owner: root
+ group: root
+ loop:
+ - path: "/etc/ssh/trusted_ca.d"
+ mode: "0700"
+ - path: "/etc/ssh/sshd_config.d/"
+ mode: "0755"

 - name: Slurp up SSH CA certificates from keypair setup host ({{ ssh_keypairs_setup_host }})
 delegate_to: "{{ ssh_keypairs_setup_host }}"
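Review bot: In `roles/ssh_keypairs/tasks/main.yml`, the new "Ensure that openssh is installed" task runs unconditionally, ahead of the `ssh_keypairs_create_keys` gate, so every host the role touches gets `openssh-server`. On Debian-family systems installing that package normally starts sshd with the distribution's default configuration, before anything this role writes is in place. If some hosts only need keys and should not accept SSH logins, add a `when:` guard or state the intent in a comment above the task. Separately, `_sshd_service_package` maps only `redhat` and `debian`, so any other `os_family` fails on an undefined lookup; a comment such as `# Only the RedHat and Debian families are mapped; extend this map before using the role elsewhere` would make that limit explicit.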
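Review bot: In `install_ssh_ca.yml`, the new loop entry for `/etc/ssh/sshd_config.d/` sets `mode: "0755"`, and with `state: directory` that mode is also enforced on a directory that already exists. Some distributions package this directory more restrictively (root-only), in which case the task would loosen it on every run. sshd reads the drop-ins as root, so `mode: "0700"` for this entry should work equally well and matches the `trusted_ca.d` entry above it. The tasks that write into `sshd_config.d` are outside this hunk; if they depend on an `Include /etc/ssh/sshd_config.d/*.conf` line in `sshd_config`, it is worth checking for it, since without that line the drop-in is ignored silently.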