diff --git a/Choux.yml b/Choux.yml
index 6a884d2..b32022e 100644
--- a/Choux.yml
+++ b/Choux.yml
@@ -2,12 +2,12 @@
 - hosts: localhost
   connection: local
 
+  vars:
+    - deploy_public_key: files/id_ed25519_home.pub
+
   vars_files:
     - vars/common.yml
 
-  extra_vars:
-    - deploy_public_key: files/id_ed25519_home.pub
-
   tasks:
     - include: tasks/arch_CLI_packages.yml
     - include: tasks/zsh.yml
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
index 56a80fe..0347c90 100644
--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -1,20 +1,22 @@
 ---
-- name: Copy sshd_config
-  template:
-    src: files/sshd_config
-    dest: /etc/ssh/sshd_config
+# - name: Copy sshd_config
+#   template:
+#     src: files/sshd_config
+#     dest: /etc/ssh/sshd_config
 
 - name: Disable empty password login
   lineinfile: 
     dest: /etc/ssh/sshd_config
     regexp: "^#?PermitEmptyPasswords"
     line: "PermitEmptyPasswords no"
+    backrefs: yes
 
 - name: Disable remote root login
   lineinfile: 
     dest: /etc/ssh/sshd_config 
     regexp: "^#?PermitRootLogin" 
     line: "PermitRootLogin no"
+    backrefs: yes
 
 - name: debug
   debug:
@@ -33,6 +35,7 @@
     dest: /etc/ssh/sshd_config
     regexp: "^#?PasswordAuthentication" 
     line: "PasswordAuthentication no"
+    backrefs: yes
   when: add_identity_key is success and not add_identity_key is skipped
   notify: restart sshd