diff --git a/roles/slurmdb-config/tasks/main.yml b/roles/slurmdb-config/tasks/main.yml
index a31f5ad72b0a21cc1ebb67d654eea977205b33b1..5dd774c316b215fc7498a2ea79737d4f761b09e2 100644
--- a/roles/slurmdb-config/tasks/main.yml
+++ b/roles/slurmdb-config/tasks/main.yml
@@ -23,12 +23,18 @@
 
 - name: install slurmdb.conf
   copy: src=files/slurmdbd.conf dest={{ slurm_dir }}/etc/slurmdbd.conf
+  owner: slurm
+  group: slurm
+  mode: u+rw,g-wx,o-rwx
   sudo: true
   when: slurm_dir is defined
 
 
 - name: install slurmdbd.conf
   copy: src=slurmdbd.conf dest=/etc/slurm/slurmdbd.conf
+  mode: u+rw,g-wx,o-rwx
+  owner: slurm
+  group: slurm
   sudo: true
   when: slurm_dir is not defined
 
diff --git a/roles/ssh-nopassword-login/handlers/main.yml b/roles/ssh-nopassword-login/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..df0d3deeca457c10a9805a439cb4a61087cac8d3
--- /dev/null
+++ b/roles/ssh-nopassword-login/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: "restart sshd"
+  service: name=sshd state=restarted
+  sudo: true
+  when: ansible_os_family == "RedHat"
+
+- name: "restart ssh"
+  service: name=ssh state=restarted
+  sudo: true
+  when: ansible_os_family == "Debian"
diff --git a/roles/ssh-nopassword-login/tasks/main.yml b/roles/ssh-nopassword-login/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..f8594e1902a904b5be06ab3575c1ae697532b854
--- /dev/null
+++ b/roles/ssh-nopassword-login/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: "Disable Challenge Response"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "ChallengeResponseAuthentication yes"
+    line: "ChallengeResponseAuthentication no" 
+    backrefs: yes
+  sudo: true
+  notify: 
+  - restart sshd
+  - restart ssh
+
+- name: "Disable Password"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
+    backrefs: yes
+  sudo: true
+  notify: 
+  - restart sshd
+  - restart ssh
+
diff --git a/roles/ssh-nopassword-login/tasks/main.yml~ b/roles/ssh-nopassword-login/tasks/main.yml~
new file mode 100644
index 0000000000000000000000000000000000000000..f8594e1902a904b5be06ab3575c1ae697532b854
--- /dev/null
+++ b/roles/ssh-nopassword-login/tasks/main.yml~
@@ -0,0 +1,24 @@
+- name: "Disable Challenge Response"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "ChallengeResponseAuthentication yes"
+    line: "ChallengeResponseAuthentication no" 
+    backrefs: yes
+  sudo: true
+  notify: 
+  - restart sshd
+  - restart ssh
+
+- name: "Disable Password"
+  lineinfile:
+  args:
+    dest: /etc/ssh/sshd_config
+    regexp: "PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
+    backrefs: yes
+  sudo: true
+  notify: 
+  - restart sshd
+  - restart ssh
+