--- - name: Disable root authentication replace: path: /etc/ssh/sshd_config regexp: '#PermitRootLogin prohibit-password' replace: 'PermitRootLogin no' - name: Disable X11 forwarding replace: path: /etc/ssh/sshd_config regexp: 'X11Forwarding yes' replace: 'X11Forwarding no' - name: Explicitly only listen on ipv4 replace: path: /etc/ssh/sshd_config regexp: '#AddressFamily any' replace: 'AddressFamily inet' - name: "Restart sshd" service: name: sshd state: restarted ...