---
- name: Filter SSH on groups
  lineinfile:
    dest: /etc/ssh/sshd_config
    regexp: ^#?PermitRootLogin
    line: "PermitRootLogin yes"
    state: present
  notify: Restart sshd service

- name: Delete authorized SSH keys for root account
  file:
    path: "{{ item }}"
    state: absent
  loop:
    - /root/.ssh/authorized_keys
    - /root/.ssh/authorized_keys2