diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 0233096..7d1cc08 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -24,4 +24,6 @@
   tags:
     - always
 
+- import_tasks: sshd.yml
+
 - meta: flush_handlers
diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml
new file mode 100644
index 0000000..422e17b
--- /dev/null
+++ b/roles/common/tasks/sshd.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Disable root password login
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: '^#?PermitRootLogin'
+    line: PermitRootLogin prohibit-password
+    state: present