more work, get rid of jail stuff, using vps directly

roles/ssh/files/sshd_config

@@ -0,0 +1,14 @@
+LogLevel INFO
+LoginGraceTime 1m
+PermitRootLogin no
+StrictModes yes
+MaxAuthTries 3
+MaxSessions 2
+PubkeyAuthentication yes
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+

roles/ssh/handlers/main.yaml

@@ -0,0 +1,7 @@
+---
+- name: start sshd
+  service:
+    name: sshd
+    state: restarted
+  async: 45
+  poll: 5

roles/ssh/tasks/main.yaml

@@ -0,0 +1,11 @@
+---
+- name: copy config file
+  copy:
+    src: sshd_config
+    dest: "/etc/ssh/"
+
+- name: restart sshd
+  community.general.sysrc:
+    name: sshd_enable
+    value: "YES"
+  notify: restart sshd