## 1. Replace full sshd_config with drop-in

- [x] 1.1 Create new `sshd-hardening.conf.j2` template with only the 6 hardened settings
- [x] 1.2 Replace the template task in `roles/base/tasks/main.yml` to deploy drop-in at `/etc/ssh/sshd_config.d/99-hardening.conf`
- [x] 1.3 Delete old `roles/base/templates/sshd_config.j2`

## 2. Fix sshd handler

- [x] 2.1 Change handler from `restart sshd` to `reload ssh` in `roles/base/handlers/main.yml`