diff --git a/tasks/main.yml b/tasks/main.yml
index e69aaa6..f971192 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -14,3 +14,5 @@
 group: root
 mode: 0644
 when: motd_path is defined
+
+ - include: sshd.yml
diff --git a/tasks/sshd.yml b/tasks/sshd.yml
new file mode 100644
index 0000000..a8377a3
--- /dev/null
+++ b/tasks/sshd.yml
@@ -0,0 +1,14 @@
+---
+- name: Restrict SSH to public key authentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?AuthenticationMethods '
+ line: 'AuthenticationMethods publickey'
+ service: name=sshd state=restarted
+
+ - name: Disable SSH password authentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?PasswordAuthentication '
+ line: 'PasswordAuthentication no'
+ service: name=sshd state=restarted
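Review bot: The added `- include: sshd.yml` in tasks/main.yml uses the bare `include` action, which Ansible deprecated and which current ansible-core releases no longer accept. The supported spelling is `- import_tasks: sshd.yml` for a static import, or `- include_tasks: sshd.yml` if it has to be resolved at run time. A `name:` on that entry would also make the SSH hardening step visible in play output. The task list this line joins starts above the hunk, and indentation is collapsed on this page, so the new entry's alignment with its sibling tasks cannot be checked here.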
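Review bot: Both tasks in tasks/sshd.yml declare two modules (`lineinfile` and `service`) in one task, which Ansible rejects as conflicting actions, so neither sshd_config edit would run as written. Move the restart into a handler and add `notify: restart sshd` to each task; that also restarts sshd once, and only when a line actually changed. Because a broken sshd_config followed by a restart can lock out remote access, add `validate: '/usr/sbin/sshd -t -f %s'` to each `lineinfile`. When the regexp finds no match the line is appended at end of file, which may land inside a trailing `Match` block or be overridden by an earlier `Include` drop-in (sshd keeps the first value it reads), so checking the effective setting with `sshd -T` after the run is worth adding. Indentation is collapsed on this page, so whether the second `- name:` lines up with the first cannot be confirmed here.

```yaml
- name: Restrict SSH to public key authentication
  lineinfile:
    # … unchanged: path, regexp, line …
    validate: '/usr/sbin/sshd -t -f %s'
  notify: restart sshd

# … same two added lines on the PasswordAuthentication task …

# handler, defined once in the role's handlers file
- name: restart sshd
  service:
    name: sshd
    state: restarted
```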