- name: Protocol 2
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^\s*Protocol\s+2'
    # insertbefore: '^\s*Match'
    insertbefore: BOF
    state: 'present'
    line: 'Protocol 2'
  notify: restart_sshd
- name: UseDNS no
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^\s*UseDNS\s+no'
    # insertbefore: '^\s*Match'
    insertbefore: BOF
    state: 'present'
    line: 'UseDNS no'
  notify: restart_sshd
- name: PermitEmptyPasswords no
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^\s*PermitEmptyPasswords\s+no'
    # insertbefore: '^\s*Match'
    insertbefore: BOF
    state: 'present'
    line: 'PermitEmptyPasswords no'
  notify: restart_sshd
- name: PermitRootLogin without-password
  lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^\s*PermitRootLogin\s+without-password'
    # insertbefore: '^\s*Match'
    insertbefore: BOF
    state: 'present'
    line: 'PermitRootLogin without-password'
  notify: restart_sshd
- meta: flush_handlers