diff --git a/README.md b/README.md
index 3edfbf7..0bce355 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,37 @@
-# role_modele
+# role_ssh
-Modèle
\ No newline at end of file
+Secure SSH configuration and manage SSH port
+
+## inventory.yml
+
+```yaml
+---
+
+all:
+ hosts:
+ host1.ykn.local:
+ host2.ykn.local:
+ children:
+ dnsservers:
+ hosts:
+ dnsmasq1.ykn.local:
+ dnsmasq2.ykn.local:
+```
+
+## host_vars/host1.ykn.local.yml
+
+```yaml
+---
+
+ssh_listen_port: 2201
+```
+
+### playbook.yml
+
+```yaml
+---
+
+- hosts: all
+ roles:
+ - name: ssh
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..8741e1d
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# defaults file for ssh
+
+ssh_listen_port: 22
+ssh_permit_root_login: !!str no
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..f1fc0c2
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# handlers file for ssh
+
+- name: Restart ssh.service
+ ansible.builtin.systemd:
+ state: restarted
+ name: sshd.service
+ become: true
diff --git a/meta/main.yml b/meta/main.yml
index c58bebf..274316c 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,7 +1,7 @@
 galaxy_info:
 namespace: ykn
 author: pulsar89.5
- description: Rôle modèle
+ description: Secure SSH configuration and manage SSH port
 license: GPL-3.0-or-later
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..7ea7db3
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+# tasks file for ssh
+
+- name: Deploy security conf
+ ansible.builtin.template:
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ src: security.conf.j2
+ dest: /etc/ssh/sshd_config.d/security.conf
+ become: true
+ notify: Restart ssh.service
+
+- name: Deploy port conf
+ ansible.builtin.template:
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ src: port.conf.j2
+ dest: /etc/ssh/sshd_config.d/port.conf
+ become: true
+ notify: Restart ssh.service
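Review bot: The `!!str no` tag on `ssh_permit_root_login` protects only the default from YAML boolean coercion; an override such as `ssh_permit_root_login: yes` in host_vars arrives as a Python bool and is rendered by the template as `PermitRootLogin True`, which sshd rejects, so the restart handler would then take sshd down rather than fail early. A comment next to the default should say the value must be quoted, and the role should assert the value before templating, e.g. `- ansible.builtin.assert: { that: ssh_permit_root_login in ['yes', 'no', 'prohibit-password', 'forced-commands-only'] }`. The same applies to `ssh_listen_port`, which is rendered unchecked; asserting `ssh_listen_port | int >= 1 and ssh_listen_port | int <= 65535` catches a typo before sshd does.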
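Review bot: Both template tasks write into `/etc/ssh/sshd_config.d/` without validating the rendered file, and the notified handler restarts sshd, so a bad value or an unsupported keyword takes SSH down on the host instead of failing the play. Add `validate: /usr/sbin/sshd -t -f %s` to each `ansible.builtin.template` task; this checks the fragment on its own, so it catches syntax errors and unknown directives but not conflicts with the main config. Note also that sshd keeps the first value it reads for each directive and includes `sshd_config.d/*.conf` in lexical order, so any drop-in that sorts before `port.conf`/`security.conf` and sets the same directive (cloud images commonly ship one such as `50-cloud-init.conf` with `PasswordAuthentication yes`) silently wins over these files; a `00-` prefix on both `dest` names, or removing the competing file, is needed for the hardening to take effect. The drop-in directory is only honoured when the main `sshd_config` carries the `Include /etc/ssh/sshd_config.d/*.conf` line (OpenSSH 8.2+), which the role does not verify.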
diff --git a/templates/port.conf.j2 b/templates/port.conf.j2
new file mode 100644
index 0000000..21d1c6e
--- /dev/null
+++ b/templates/port.conf.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+Port {{ ssh_listen_port }}
diff --git a/templates/security.conf.j2 b/templates/security.conf.j2
new file mode 100644
index 0000000..3ab3f9b
--- /dev/null
+++ b/templates/security.conf.j2
@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+PermitRootLogin {{ ssh_permit_root_login }}
+PasswordAuthentication no
+PermitEmptyPasswords no
+
+LoginGraceTime 30
+{{ 'DebianBanner no' if (ansible_facts['distribution'] | lower) == 'debian' }}
+X11Forwarding no
+StrictModes yes
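Review bot: `Port {{ ssh_listen_port }}` renders whatever the variable holds, so a string or out-of-range override reaches sshd and is only discovered when the restart handler fails; the value should be asserted as an integer in 1–65535 before this template is rendered (a bare `| int` filter is not enough, since Ansible's `int` turns non-numeric input into `0`). Separately, on distributions that socket-activate sshd (Ubuntu's `ssh.socket` on recent releases), the `Port` directive in sshd_config is not what decides the listening port, the socket unit's `ListenStream` is, so the "manage SSH port" feature advertised in the README would silently not apply there; whether any target is affected cannot be told from this diff, but the README deserves a caveat or the role a matching socket drop-in.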
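Review bot: `PasswordAuthentication no` on its own does not rule out password logins: with `UsePAM yes` sshd can still run keyboard-interactive authentication and PAM will prompt for the password through it unless `KbdInteractiveAuthentication no` (spelled `ChallengeResponseAuthentication` before OpenSSH 8.7) is also set; some distro main configs already set it, but a hardening drop-in should not rely on that, so add `KbdInteractiveAuthentication no` directly under `PasswordAuthentication no`. The `DebianBanner` line keys on `ansible_facts['distribution']`, which is `Ubuntu` on Ubuntu hosts even though their openssh carries the same Debian patch; `ansible_facts['os_family'] | lower == 'debian'` covers both, and on other families the expression still renders an empty line, which is harmless. Finally, `PermitRootLogin {{ ssh_permit_root_login }}` renders a YAML-boolean override as `True`/`False`, which sshd rejects, and `| lower` does not rescue it because `true` is not an accepted keyword either, so the value must be validated against sshd's accepted keywords before it is rendered.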