---
- name: Filter SSH on groups
  ansible.builtin.lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: ^#?PermitRootLogin
    line: PermitRootLogin yes
    state: present
  notify: Restart sshd service

- name: Delete authorized SSH keys for root account
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - /root/.ssh/authorized_keys
    - /root/.ssh/authorized_keys2