Add role ssh-keyonly

roles/ssh-keyonly/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+ssh_service_name: sshd

roles/ssh-keyonly/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+- name: "Set «PermitRootLogin» to «without-password»"
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: '^#? *PermitRootLogin'
+    line: "PermitRootLogin without-password"
+    backup: yes
+  register: sshconfigchanged
+
+
+- name: Restart sshd
+  service:
+    name: "{{ ssh_service_name }}"
+    state: restarted
+    sleep: 5
+  when: sshconfigchanged is changed
+
+