diff --git a/roles/ubuntu_base/tasks/main.yml b/roles/ubuntu_base/tasks/main.yml
index 1db59dd..4bc040c 100644
--- a/roles/ubuntu_base/tasks/main.yml
+++ b/roles/ubuntu_base/tasks/main.yml
@@ -2,3 +2,4 @@
 - import_tasks: upgrade.yml
 - import_tasks: base.yml
 - import_tasks: users.yml
+- import_tasks: sshd.yml
diff --git a/roles/ubuntu_base/tasks/sshd.yml b/roles/ubuntu_base/tasks/sshd.yml
new file mode 100644
index 0000000..05a5e57
--- /dev/null
+++ b/roles/ubuntu_base/tasks/sshd.yml
@@ -0,0 +1,6 @@
+---
+- name: Disallow ssh password login
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    line: "PasswordAuthentication no"
+    regexp: "^#?PasswordAuthentication "