diff --git a/fortify@vps.yml b/fortify@vps.yml
index 0c33c01..0be4531 100644
--- a/fortify@vps.yml
+++ b/fortify@vps.yml
@@ -8,7 +8,6 @@
     # # below is just to remind you to use '--ask-pass' instead
     # ansible_password: "{{ root_auths[0].password }}"
     FAMILY: "{{ ansible_facts['os_family'] }}"
-    root_disable_method: delog
 
   tasks:
     - name: Create users
@@ -25,17 +24,16 @@
       include_role:
         name: bootstrap
         tasks_from: auth@ssh.yml
-      vars:
-        pubkeys: "{{ user_pubkeys }}"
-        root_acct: "{{ root_auths[0] }}"
+        defaults_from: options/ssh.yml
+        vars_from: options/ssh.yml
       register: ssh_authorized
       tags: ['default', 'ssh_uthorization']
     - name: Disable SSH login for this account
       include_role:
         name: bootstrap
         tasks_from: denyroot@ssh.yml
-      vars:
-        root_acct: "{{ root_auths[0] }}"
+        defaults_from: options/ssh.yml
+        vars_from: options/ssh.yml
       register: sshroot_disabled
       tags: ['default', 'root_denial']
       when: not ssh_root_login
@@ -43,7 +41,6 @@
       include_role:
         name: bootstrap
         tasks_from: denyroot.yml
-      vars:
-        roots: "{{ root_auths }}"
-        nonlogin_method: "{{ root_disable_method }}"
+        defaults_from: options/ssh.yml
+        vars_from: options/ssh.yml