diff --git a/linux/compliance.yaml b/linux/compliance.yaml
index 2465f46..daf8e74 100644
--- a/linux/compliance.yaml
+++ b/linux/compliance.yaml
@@ -22,6 +22,7 @@
     file:
       path: /home/ansible/.ssh
       state: directory
+      creates:
   - name: Add deployment user's SSH key.
     shell:
       cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys
@@ -61,8 +62,13 @@
       groups: sudo
       append: yes
 
+  - name: Add nhadmin user's SSH key.
+    shell:
+      cmd: echo "{{ nhadmin_key }}" > /home/nhadmin/.ssh/authorized_keys
+      creates: /home/nhadmin/.ssh/authorized_keys
+
   # SSH config updating
-  - name: Update SSH configuration to disallow root login.
+  - name: Update SSH configuration to disallow root login and disable password authentication.
     lineinfile:
       dest: /etc/ssh/sshd_config
       regexp: "{{ item.regexp }}"
@@ -72,6 +78,10 @@
     with_items:
       - regexp: "^PermitRootLogin"
         line: "PermitRootLogin no"
+      - regexp: "^PasswordAuthentication"
+        line: "PasswordAuthentication no"
+      - regexp: "^PubkeyAuthentication"
+        line: "PubkeyAuthentication yes"
   - name: Restart SSH service.
     service:
       name: ssh
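Review bot: The added bare `creates:` carries no value (YAML null) and sits in the `file:` task after `state: directory`, where `creates` is not a parameter — whether Ansible reads it as a module argument or as a task keyword, the play fails at parse/validation time before any other task runs. The intent is presumably the idempotence guard for the `echo … > authorized_keys` task that follows it, so drop this line and put `creates: /home/ansible/.ssh/authorized_keys` beside `cmd:` under `shell:` instead (the nhadmin task later in this diff does exactly that). The `file:` task begins before the hunk, so its `- name:` line and any `owner`/`mode` on the directory are not visible here.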
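Review bot: `cmd: echo "{{ nhadmin_key }}" > /home/nhadmin/.ssh/authorized_keys` pushes the templated key through a shell and, guarded by `creates:`, is skipped forever once the file exists, so a rotated or revoked `nhadmin_key` never reaches the host; it also fails outright if `/home/nhadmin/.ssh` does not exist yet, and this hunk shows no `file: state: directory` task for nhadmin (one may exist outside it). A file written this way inherits the play's effective user and umask, and sshd under the default `StrictModes` rejects an `authorized_keys` that is group- or world-writable, which a permissive umask would produce. The `authorized_key` module creates the directory, sets the user's ownership and `0600` mode, and converges the key on every run, so I would replace the shell task with it.

```yaml
  - name: Add nhadmin user's SSH key.
    authorized_key:
      user: nhadmin
      key: "{{ nhadmin_key }}"
      state: present

  # … unchanged: SSH config updating task …
```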
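Review bot: `PasswordAuthentication no` is only rewritten in place where a line already starts with that keyword; on hosts where it is shipped commented out, lineinfile appends it at the end of sshd_config, which is after any `Match` block (making the setting conditional on that block) and, on distributions whose sshd_config opens with `Include /etc/ssh/sshd_config.d/*.conf`, after an included drop-in that may already set `PasswordAuthentication yes` — sshd keeps the first value it sees, so the play reports changed while password logins stay enabled. Add `validate: /usr/sbin/sshd -t -f %s` to the lineinfile task so a bad edit is never handed to the restart, and consider `insertbefore: ^Match` or writing a dedicated drop-in in `sshd_config.d` that sorts before the others. With `UsePAM yes`, `PasswordAuthentication no` alone still allows password prompts through keyboard-interactive, so an item `- regexp: "^KbdInteractiveAuthentication"` / `line: "KbdInteractiveAuthentication no"` (`ChallengeResponseAuthentication` on OpenSSH before 8.7) is needed to close that path. The lineinfile task these items belong to starts in the previous hunk, and ordering matters: disabling passwords before the key-installation tasks have been confirmed to work on a fresh host is a lockout.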