dsk-iac/packer/ansible/roles/security-settings/tasks/sshd_config.yml

---
- name: Configure ssh root login to {{sshrootlogin}}
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: '^(#)?PermitRootLogin.*'
    line: 'PermitRootLogin {{sshrootlogin}}'
    insertbefore: '^Match.*'
    state: present
    owner: root
    group: root
    mode: 0640
  notify: restart sshd

- name: SSH Listen on Main Port
  lineinfile:
    dest: /etc/ssh/sshd_config
    insertbefore: '^#*AddressFamily'
    line: 'Port {{sshmainport}}'
    state: present
    owner: root
    group: root
    mode: 0640
  notify: restart sshd

    #- name: SSH AllowUsers Setting
    #  copy:
    #    src: allow_users.conf
    #    dest: /etc/ssh/sshd_config.d/allow_users.conf
    #    owner: root
    #    group: root
    #    mode: 0644