diff --git a/plays/root.yml b/plays/root.yml
index a958296b..6e9cfe3f 100755
--- a/plays/root.yml
+++ b/plays/root.yml
@@ -46,3 +46,7 @@
   roles:
     - ldap-client
     - home-nounous
+
+- hosts: server
+  roles:
+    - openssh
diff --git a/roles/openssh/tasks/main.yml b/roles/openssh/tasks/main.yml
index 575af6bd..398c3264 100644
--- a/roles/openssh/tasks/main.yml
+++ b/roles/openssh/tasks/main.yml
@@ -2,8 +2,8 @@
 - name: Filter SSH on groups
   lineinfile:
     dest: /etc/ssh/sshd_config
-    regexp: ^AllowGroups
-    line: "AllowGroups {{ ssh_allow_groups }}"
+    regexp: ^#?PermitRootLogin
+    line: "PermitRootLogin yes"
     state: present
   notify: Restart sshd service