- name: Disable root login with password
  lineinfile: dest=/etc/ssh/sshd_config
              regexp='^PermitRootLogin'
              line='PermitRootLogin without-password'
              state=present
#TODO: use handler to reload ssh

- name: Enable sshd
  service: name={{ sshd_service }}
           enabled=yes
           state=started
  when: sshd_enabled

- name: Disable sshd
  service: name={{ sshd_service }}
           enabled=no
           state=stopped
  when: not sshd_enabled