diff --git a/ansible/sshd_config.yml b/ansible/sshd_config.yml
new file mode 100644
index 0000000..3586414
--- /dev/null
+++ b/ansible/sshd_config.yml
@@ -0,0 +1,45 @@
+---
+- hosts: all
+ vars:
+ conf: /etc/ssh/sshd_config
+ sudo: yes
+ tasks:
+ - name: Protocol 2
+ lineinfile: dest={{conf}}
+ regexp="^(#)?Protocol"
+ line="Protocol 2"
+ notify: restart sshd
+ - name: PermitRootLogin no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?PermitRootLogin"
+ line="PermitRootLogin no"
+ notify: restart sshd
+ - name: RSAAuthentication no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?RSAAuthentication"
+ line="RSAAuthentication no"
+ notify: restart sshd
+ - name: PasswordAuthentication no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?PasswordAuthentication"
+ line="PasswordAuthentication no"
+ notify: restart sshd
+ - name: PermitEmptyPassword no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?PermitEmptyPasswords"
+ line="PermitEmptyPasswords no"
+ notify: restart sshd
+ - name: ChallengeResponseAuthentication no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?ChallengeResponseAuthentication"
+ line="ChallengeResponseAuthentication no"
+ notify: restart sshd
+ - name: UseDNS no
+ lineinfile: dest={{conf}}
+ regexp="^(#)?UseDNS"
+ line="UseDNS no"
+ notify: restart sshd
+
+ handlers:
+ - name: restart sshd
+ service: name=ssh state=restarted
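Review bot: The `regexp="^(#)?PermitRootLogin"` pattern, and the same shape in the other six lineinfile tasks, matches commented-out lines as well as active ones. lineinfile rewrites only the last match, while sshd keeps the first value it reads for each keyword. On a host whose file has an active `PermitRootLogin yes` above a commented `#PermitRootLogin ...`, the comment would be replaced and the permissive line would stay in effect; a line appended at EOF because nothing matched can also end up scoped to a trailing `Match` block. Consider matching only the active directive and inserting at the top when it is absent, e.g. `regexp="^\s*PermitRootLogin\s"` with `insertbefore=BOF`. Adding `validate="/usr/sbin/sshd -t -f %s"` (path may differ per distribution) to each task would keep a syntactically broken file from being written before the `restart sshd` handler runs.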