diff --git a/ansible/cluster.yml b/ansible/cluster.yml
index ef6c9524e97c7ed8964449489b789f2e566ec77e..3197a1198d31246aa41952b3affce773a049a6db 100644
--- a/ansible/cluster.yml
+++ b/ansible/cluster.yml
@@ -7,3 +7,4 @@
     - { name: 'nfs_mounts', tags: 'nfs_mounts' }
     - { name: 'ldap_config', tags: 'ldap_config' }
     - { name: 'slurm_client', tags: 'slurm_client', when: enable_slurm_client }
+    - { name: 'ssh_host_keys', tags: 'ssh_host_keys' }
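Review bot: The new `ssh_host_keys` entry has no `when:` guard, unlike `slurm_client` on the line above, yet the defaults this commit adds to `group_vars/all` are empty strings. On an inventory that does not override them, the role would presumably attempt an S3 download with an empty bucket and fail the play, so it is safer to gate it, for example `- { name: 'ssh_host_keys', tags: 'ssh_host_keys', when: SSH_HOST_KEYS_S3_BUCKET | length > 0 }`. The roles list begins outside the hunk, so a play-level condition may already exist that is not visible here.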
diff --git a/ansible/group_vars/all b/ansible/group_vars/all
index e95c617fc3bb3b9a8e4b117d7468836226e34ea5..59f66120846a71436765cd010c51eda633854018 100644
--- a/ansible/group_vars/all
+++ b/ansible/group_vars/all
@@ -33,3 +33,11 @@
     - /gpfs4
     - /gpfs5
 
+#SSH Host Keys
+  S3_ENDPOINT: ""
+  SSH_HOST_KEYS_S3_BUCKET: ""
+  SSH_HOST_KEYS_S3_OBJECT: ""
+
+# AWS credentials
+  LTS_ACCESS_KEY: ""
+  LTS_SECRET_KEY: ""
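Review bot: `LTS_ACCESS_KEY` and `LTS_SECRET_KEY` are declared in plain `group_vars/all`, which invites someone to fill in the real values in a file that is committed to the repository. Keep the real values in an Ansible Vault-encrypted vars file, or supply them from the environment at run time, and leave only a comment here such as `# LTS_ACCESS_KEY / LTS_SECRET_KEY: defined in the vaulted vars file`. Separately, the new keys are indented two spaces under column-0 comments, so they appear to nest inside whatever mapping encloses the `/gpfs` list rather than defining top-level variables. That mapping starts outside the hunk, so confirm that the role's `{{ S3_ENDPOINT }}` style lookups actually resolve.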
diff --git a/ansible/roles/ssh_host_keys/tasks/main.yml b/ansible/roles/ssh_host_keys/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..aed8c6211cfe139aca551f7c1ece1977ed21ef32
--- /dev/null
+++ b/ansible/roles/ssh_host_keys/tasks/main.yml
@@ -0,0 +1,33 @@
+---
+- name: Ensure destination directory exists only if not present
+  file:
+    path: /tmp/ssh_keys
+    state: directory
+    mode: '0755'
+  args:
+    creates: /tmp/ssh_keys
+
+- name: Download SSH host keys tar.gz from S3
+  aws_s3:
+    mode: get
+    s3_url: "{{ S3_ENDPOINT }}"
+    bucket: "{{ SSH_HOST_KEYS_S3_BUCKET }}"
+    object: "{{ SSH_HOST_KEYS_S3_OBJECT }}"
+    dest: "/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}"
+    aws_access_key: "{{ LTS_ACCESS_KEY }}"
+    aws_secret_key: "{{ LTS_SECRET_KEY }}"
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+- name: Unpack SSH host keys to /etc/ssh
+  unarchive:
+    src: "/tmp/ssh_keys/{{ SSH_HOST_KEYS_S3_OBJECT }}"
+    dest: "/etc/ssh"
+    remote_src: yes
+  become: true
+
+- name: Restart SSH service
+  ansible.builtin.service:
+    name: sshd
+    state: restarted
+  become: true
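Review bot: The staging directory `/tmp/ssh_keys` is a fixed, mode-0755 path in a world-writable location, so the archive of private host keys is readable by any local user. Because an existing directory is accepted as-is, its contents are also not trustworthy when root unpacks them into `/etc/ssh`. Stage the download in a per-run private directory instead and remove it afterwards, as sketched below. The download task also passes `aws_secret_key`, so it should carry `no_log: true`. As far as I know `creates` is not an option of the `file` module and `state: directory` is already idempotent, so the `args:` block can be dropped. The unconditional restart would be better as a handler notified by the unpack task, ideally after `sshd -t` succeeds.

```yaml
- name: Create a private staging directory
  ansible.builtin.tempfile:
    state: directory
    prefix: ssh_keys_
  register: ssh_keys_stage

- name: Download SSH host keys tar.gz from S3
  aws_s3:
    # … unchanged: mode, s3_url, bucket, object, credentials …
    dest: "{{ ssh_keys_stage.path }}/{{ SSH_HOST_KEYS_S3_OBJECT }}"
  no_log: true
  # … unchanged: vars …

- name: Unpack SSH host keys to /etc/ssh
  unarchive:
    src: "{{ ssh_keys_stage.path }}/{{ SSH_HOST_KEYS_S3_OBJECT }}"
    # … unchanged: dest, remote_src, become …

- name: Remove the staging directory
  ansible.builtin.file:
    path: "{{ ssh_keys_stage.path }}"
    state: absent
```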