- hosts: all
  remote_user: root
  tasks:

  - name: Install fail2ban
    ansible.builtin.apt:
      pkg:
      - fail2ban
      state: latest
      update_cache: yes

  - name: Download and install fail2ban
    ansible.builtin.shell:
      cmd: cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
      cmd: systemctl enable fail2ban
      cmd: systemctl start fail2ban  

  - name: Replace PermitRootLogin 
    ansible.builtin.replace:
      path: /etc/ssh/sshd_config
      regexp: PermitRootLogin yes
      replace: PermitRootLogin prohibit-password

  - name: Replace PasswordAuthentication
    ansible.builtin.replace:
      path: /etc/ssh/sshd_config
      regexp: PasswordAuthentication yes
      replace: PasswordAuthentication no    

  - name: Restart SSH
    ansible.builtin.shell:
      cmd: systemctl restart ssh