diff --git a/tasks/setup.yml b/tasks/setup.yml
index 63170e5..dd065f2 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -4,8 +4,8 @@
 # SSH
 - name: setup - Copy sshd_config
   become: yes
-  copy:
-    src: "{{ role_path }}/files/sshd_config"
+  template:
+    src: "{{ role_path }}/templates/sshd_config.j2"
     dest: "/etc/ssh/sshd_config"
     backup: yes
   notify:
diff --git a/files/sshd_config b/templates/sshd_config.j2
similarity index 86%
rename from files/sshd_config
rename to templates/sshd_config.j2
index 7924381..6473957 100644
--- a/files/sshd_config
+++ b/templates/sshd_config.j2
@@ -18,7 +18,11 @@ LogLevel VERBOSE
 # Authentication:
 
 #LoginGraceTime 2m
+{% if 'root' == ansible_user_id %}
+PermitRootLogin yes
+{% else %}
 PermitRootLogin no
+{% endif %}
 #StrictModes yes
 MaxAuthTries 2
 MaxSessions 2
@@ -59,7 +63,11 @@ UseDNS no
 AcceptEnv LANG LC_*
 
 # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
+{% if ((override_os_family is defined) | ternary(override_os_family,ansible_os_family)) == 'Centos' %}
+Subsystem sftp /usr/libexec/openssh/sftp-server -f AUTHPRIV -l INFO
+{% else %}
 Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
+{% endif %}
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
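Review bot: The new `template:` task now renders Jinja conditionals straight into /etc/ssh/sshd_config, but nothing checks the rendered result before it replaces the live file, so a template or sshd syntax slip is deployed and the handler restart can take sshd down and lock out the host. The module supports `validate: /usr/sbin/sshd -t -f %s` alongside `dest:`; add it so a bad render fails the task rather than the daemon. It is also worth pinning `owner: root`, `group: root` and `mode: "0600"` explicitly, since the write otherwise inherits whatever ownership and mode the destination already has. The task's `notify:` list continues outside the hunk.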
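Review bot: `{% if 'root' == ansible_user_id %}` ties root SSH access to a gathered fact rather than an explicit decision, and that fact reports whichever account the setup module ran as — when facts are gathered under `become` (this role's tasks already use `become: yes`) it will most likely read `root` on every host and silently render `PermitRootLogin yes` fleet-wide. Drive the choice from a declared role variable and prefer the key-only form over `yes`, e.g. `{% if sshd_permit_root_login | default(false) %}` with `PermitRootLogin prohibit-password` (`without-password` on OpenSSH older than 7.0), so root login stays off unless a caller opts in and, where enabled, password authentication for root is still refused. Root password guessing is also the bulk of brute-force noise in auth logs, which is another reason to keep the default closed.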
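Review bot: The comparison `== 'Centos'` can never match `ansible_os_family`, which Ansible reports as `RedHat` for CentOS and RHEL (the per-distribution fact is `ansible_distribution`, spelled `CentOS`), so every RedHat-family host falls through to the Debian path `/usr/lib/openssh/sftp-server` and the sftp subsystem breaks silently after the restart. Compare against the value the fact actually yields, `{% if (override_os_family | default(ansible_os_family)) == 'RedHat' %}`, which also replaces the `is defined | ternary(...)` construction with the idiomatic `default` filter. If `override_os_family` is meant to carry the same values, document that in the role's defaults so callers do not pass `Centos` there either.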