---
- name: Restrict SSH to public key authentication
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^#?AuthenticationMethods '
      line: 'AuthenticationMethods publickey'
    service: name=sshd state=restarted
  
  - name: Disable SSH password authentication
    lineinfile:
      path: /etc/ssh/sshd_config
      regexp: '^#?PasswordAuthentication '
      line: 'PasswordAuthentication no'
    service: name=sshd state=restarted