- name: Disable the root account
  user:
        name: root
        password: '!'
        password_lock: yes
  notify:
        - Disable SSH login for root
        - Disable SSH password authentication
- name: Disable SSH login for root
  replace:
        path: /etc/ssh/sshd_config
        regexp: "^.*PermitRootLogin.*$"
        replace: "PermitRootLogin no"
  notify:
        - Reload SSH service
- name: Disable SSH password authentication
  replace:
        path: /etc/ssh/sshd_config
        regexp: "^.*PasswordAuthentication.*$"
        replace: "PasswordAuthentication no"
  notify:
        - Reload SSH service
- name: Reload SSH service
  systemd:
        name: ssh
        state: reloaded