diff --git a/roles/ssh_tunneling/tasks/main.yml b/roles/ssh_tunneling/tasks/main.yml
index 7083431..ff78716 100644
--- a/roles/ssh_tunneling/tasks/main.yml
+++ b/roles/ssh_tunneling/tasks/main.yml
@@ -57,5 +57,10 @@
   fetch: src='/var/jail/{{ item }}/.ssh/id_rsa' dest=configs/{{ IP_subject_alt_name }}_{{ item }}.ssh.pem flat=yes
   with_items: "{{ users }}"
 
+- name: Change mode for SSH private keys
+  local_action: file path=configs/{{ IP_subject_alt_name }}_{{ item }}.ssh.pem mode=0600
+  with_items: "{{ users }}"
+  become: false
+
 - name: Fetch the known_hosts file
   fetch: src='/root/.ssh/{{ IP_subject_alt_name }}_known_hosts' dest=configs/{{ IP_subject_alt_name }}_known_hosts flat=yes