--- - name: Disable SSH passwords become: true ansible.builtin.lineinfile: path: /etc/ssh/sshd_config regexp: '^#?\w*PasswordAuthentication (yes|no)' line: 'PasswordAuthentication no' register: changed_ssh_config - name: Enable SSH become: true ansible.builtin.systemd: name: sshd.service enabled: yes state: started - name: Restart SSH become: true ansible.builtin.systemd: name: sshd.service state: restarted when: changed_ssh_config.changed == true - name: Allow SSH through firewall become: true ansible.posix.firewalld: service: ssh permanent: yes state: enabled immediate: yes