without sshd_config and delete authorized_keys

roles/config-root-user/tasks/main.yaml

@@ -18,16 +18,20 @@
     name: root
     password: "{{ ssh_password | password_hash('sha512') }}"
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
+# delete root ssh pub key in Authorized_keys
+- name: delete ssh pub key in /root/.ssh/authorized_keys
+  file:
+    path: "{{ root_authorized_keys }}"
+    state: absent
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # config sshd_config file , no root password
-- name: change sshd_config to no root password
-  lineinfile:
-    path: "{{ path_sshd_config_file }}"
-    regexp: "PermitRootLogin yes"
-    line: "#PermitRootLogin prohibit-password"
-    state: present
-  notify: Restart ssh service
+#- name: change sshd_config to no root password
+#  lineinfile:
+#    path: "{{ path_sshd_config_file }}"
+#    regexp: "PermitRootLogin yes"
+#    line: "#PermitRootLogin prohibit-password"
+#    state: present
+#  notify: Restart ssh service
 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 # service should start on boot.
 - name: service should start on boot

roles/config-root-user/vars/main.yaml

@@ -2,6 +2,7 @@
 ssh_daemon: ssh
 path_sshd_config_file: /etc/ssh/sshd_config
 path_bashrc_root: /root/.bashrc
+root_authorized_keys: /root/.ssh/authorized_keys
 export_LS_OPTIONS: export LS_OPTIONS='--color=auto'
 eval_dircolors: eval "$(dircolors)"
 alias_ls: alias ls='ls $LS_OPTIONS'