diff --git a/ssh-server/handlers/main.yml b/ssh-server/handlers/main.yml
index d796ac6c0fe039b43ca7f04771a71b02cdc26d0a..af768622e247bb4d9da2f9a77480b1d675cc5168 100644
--- a/ssh-server/handlers/main.yml
+++ b/ssh-server/handlers/main.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: restart sshd
+- name: restart ssh
   service:
-    name: ssh
+    name: sshd
     state: restarted
diff --git a/ssh-server/tasks/main.yml b/ssh-server/tasks/main.yml
index ef491fdfec4e73bb932dfc437aabb84a387af5a5..5b7362680bc29e4eac943861f1e84e1d48fb646f 100644
--- a/ssh-server/tasks/main.yml
+++ b/ssh-server/tasks/main.yml
@@ -2,7 +2,7 @@
 # file: roles/common/tasks/sshd.yml
 
 - name: ensure sshd is installed
-  apt:
+  package:
     name: openssh-server
     state: present
   tags:
@@ -17,7 +17,9 @@
     mode: '0644'
     backup: true
     validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) < 11
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) < 11
   notify:
     - restart sshd
   tags:
@@ -32,7 +34,9 @@
     mode: '0644'
     backup: true
     validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) > 10
   notify:
     - restart sshd
   tags:
@@ -47,7 +51,7 @@
     mode: '0644'
     backup: true
     validate: '/usr/sbin/sshd -t -f %s'
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when: not is_debian or ansible_distribution_major_version|int(default=99) > 10
   with_items:
     - authentication.conf
     - banner.conf
@@ -55,7 +59,7 @@
     - forwarding.conf
     - groups.conf
   notify:
-    - restart sshd
+    - restart ssh
   tags:
     - ssh
 
@@ -67,7 +71,9 @@
     group: root
     mode: '0644'
     backup: true
-  when: ansible_distribution_major_version|int(default=99) < 11
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) < 11
   tags:
     - ssh
 
@@ -79,7 +85,9 @@
     group: root
     mode: '0644'
     backup: true
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when:
+    - is_debian
+    - ansible_distribution_major_version|int(default=99) > 10
   tags:
     - ssh
 
@@ -91,7 +99,7 @@
     group: root
     mode: '0644'
     backup: true
-  when: ansible_distribution_major_version|int(default=99) > 10
+  when: not is_debian or ansible_distribution_major_version|int(default=99) > 10
   with_items:
     - gssapi.conf
     - sshfp.conf
@@ -105,8 +113,9 @@
     owner: root
     group: root
     mode: '0644'
+  when: is_debian
   notify:
-    - restart sshd
+    - restart ssh
   tags:
     - ssh
 
@@ -114,7 +123,9 @@
   command: pam-auth-update --enable mkhomedir --force
   environment:
     DEBIAN_FRONTEND: noninteractive
-  when: ssh_mkhomedir
+  when:
+    - ssh_mkhomedir
+    - is_debian
   tags:
     - ssh
     - pam
@@ -123,14 +134,16 @@
   command: pam-auth-update --remove mkhomedir --force
   environment:
     DEBIAN_FRONTEND: noninteractive
-  when: not ssh_mkhomedir
+  when:
+    - not ssh_mkhomedir
+    - is_debian
   tags:
     - ssh
     - pam
 
 - name: ensure sshd is running and enabled
   service:
-    name: ssh
+    name: ssh{{ "d" if is_rhel }}
     state: started
     enabled: true
   tags:
@@ -192,7 +205,7 @@
     - root
 
 - name: ensure we fail2ban bad people
-  apt:
+  package:
     name: fail2ban
     state: present
   tags:
@@ -202,6 +215,7 @@
   apt:
     name: molly-guard
     state: present
+  when: is_debian
   tags:
     - molly
     - shell
@@ -214,6 +228,7 @@
     owner: root
     group: root
     mode: '0644'
+  when: is_debian
   tags:
     - molly
     - shell