diff --git a/tasks/configure_ssh_hardening.yml b/tasks/configure_ssh_hardening.yml
index cbc8cdc448d0889e748ccfebe29cd7d40ad8e069..f96eff9a33d8dcac2f0a15c9064edf738969dabc 100644
--- a/tasks/configure_ssh_hardening.yml
+++ b/tasks/configure_ssh_hardening.yml
@@ -34,11 +34,11 @@
       PermitRootLogin no
       # PermitRootLogin forced-commands-only
       # AllowUsers root lza import
-      # DenyUsers slub
+      DenyUsers dps
       # DenyUsers import
       # AllowGroups example1 example2
       # DenyGroups example1 example2
-      # AuthenticationMethods any
+      AuthenticationMethods publickey
       LoginGraceTime 2m
       PermitEmptyPasswords no
       PrintLastLog yes
@@ -47,7 +47,7 @@
       ClientAliveCountMax 2
       MaxAuthTries 3
       TCPKeepAlive no
-      {{ "PasswordAuthentication no" if ansible_os_family == "Debian" else "PasswordAuthentication yes" }}
+      PasswordAuthentication no
       # disable weak host key algorithm ssh-dss (Digital Signature Algorithm (DSA) / Digital Signature Standard (DSS))
       # NVT OID: 1.3.6.1.4.1.25623.1.0.117687
       HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com