diff --git a/playbook.yml b/playbook.yml
index d225158..c8ab685 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -6,12 +6,17 @@
     # These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again.
     # Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though.
     # - devsec.hardening.os_hardening
+    # - devsec.hardening.ssh_hardening
   vars:
     # devsec.hardening.os_hardening vars:
     os_auth_pw_max_age: 99999 # Effectively disables the setting as mentioned in the docs.
     os_cron_enabled: false # Cron isn't needed for the installation.
     sysctl_overwrite:
       vm.mmap_rnd_bits: 16 # See the "sysctl - vm.mmap_rnd_bits" section of the docs.
+    # devsec.hardening.ssh_hardening vars:
+    ssh_allow_users: 'thomas'
+    ssh_client_port: 22 # Default, but duplicated here for documentation purpose. Not changed because its only accessible via LAN.
+    ssh_client_password_login: false # Default, but duplicated here for documentation purpose.
   tasks:
     # Disable warning on updating latest packages, it should be safe enough for this system.
     - name: Update all packages to their latest version # noqa: package-latest