diff --git a/roles/debian-base/tasks/ssh.yml b/roles/debian-base/tasks/ssh.yml
index 0fb844b..1ff39a2 100644
--- a/roles/debian-base/tasks/ssh.yml
+++ b/roles/debian-base/tasks/ssh.yml
@@ -5,13 +5,17 @@
     size: 4096
   register: new_pair
 - name: Configure sshd_config settings
-  lineinfile:
-    path: /etc/ssh/sshd_config
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-  loop:
-    - { regexp: '^#ListenAddress 0.0.0.0', line: 'ListenAddress 0.0.0.0' }
-    - { regexp: '^#SyslogFacility AUTH', line: 'SyslogFacility AUTH' }
+  copy:
+    dest: /etc/ssh/sshd_config.d/custom.conf
+    content: |
+      # Do not edit this file! Ansible will overwrite it.
+      
+      ListenAddress 0.0.0.0
+      SyslogFacility AUTH
+      permitRootLogin yes
+  owner: root
+  group: root
+  mode: '0644'
 - name: Delete old host SSH keys
   file:
     path: "{{ item }}"