Desactivar usuario root

+---
+- name: Desactivar acceso SSH como root
+  hosts: all
+  become: yes
+  tasks:
+
+    - name: Asegurar que 'PermitRootLogin no' esté en sshd_config
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^#?PermitRootLogin\s+.*'
+        line: 'PermitRootLogin no'
+        state: present
+        backrefs: yes
+
+    - name: Asegurar que 'UsePAM yes' esté en sshd_config
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^#?UsePAM\s+.*'
+        line: 'UsePAM yes'
+        state: present
+        backrefs: yes
+
+    - name: Reiniciar el servicio sshd
+      service:
+        name: sshd
+        state: restarted
\ No newline at end of file