diff --git a/defaults/main.yml b/defaults/main.yml index 83a915b..3ad18ae 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,7 @@ crypto_policy: 'STRICT' allow_tcp_forwarding: 'no' +allow_agent_forwarding: 'no' # Diffie Hellmann moduli size min_dh_size: '3072' diff --git a/tasks/main.yml b/tasks/main.yml index f40563c..3f1ec7d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -65,10 +65,14 @@ line: 'X11Forwarding no' - regexp: '^(#)?AllowTcpForwarding' line: "AllowTcpForwarding {{ allow_tcp_forwarding }}" + - regexp: '^(#)?AllowAgentForwarding' + line: "AllowAgentForwarding {{ allow_agent_forwarding }}" - regexp: '^(#)?MaxAuthTries \d' - line: 'MaxAuthTries 4' + line: 'MaxAuthTries 3' - regexp: '^(#)?MaxSessions' - line: "MaxSessions 10" + line: "MaxSessions 2" + - regexp: '^(#)?TCPKeepAlive' + line: "TCPKeepAlive no" notify: Restart sshd - name: Apply STRICT hardening for sshd
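Review bot: The new `allow_agent_forwarding` default in defaults/main.yml has no comment, unlike `min_dh_size` just below it, and neither its accepted values nor the reason for the default are obvious from the name. I would add above it `# sshd AllowAgentForwarding: 'yes' or 'no'. Keep the quotes; a bare no is a YAML boolean.` A second comment line could record why the default is 'no': while a user is connected with a forwarded agent, anyone with root on this host can use that agent socket to authenticate as them on other systems.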
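Review bot: The added `AllowAgentForwarding {{ allow_agent_forwarding }}` item in tasks/main.yml writes the variable into sshd_config unchecked, so an override supplied as an unquoted `no` or `yes` would presumably render as `False`/`True`, which sshd does not accept, and the `notify: Restart sshd` handler would then restart the daemon on a broken file. Normalising the value closes that gap: `line: "AllowAgentForwarding {{ 'yes' if allow_agent_forwarding | bool else 'no' }}"`. The task header lies outside the hunk, so I cannot see whether it already sets `validate: 'sshd -t -f %s'`; if it does not, that is worth adding so a bad line is rejected before the restart. Separately, `TCPKeepAlive no` leaves dead-peer detection to `ClientAliveInterval`/`ClientAliveCountMax`, which are not visible in this hunk, so confirm they are set elsewhere in the list.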