diff --git a/roles/sshd/defaults/main.yml b/roles/sshd/defaults/main.yml
index a319bd8..cc22c10 100644
--- a/roles/sshd/defaults/main.yml
+++ b/roles/sshd/defaults/main.yml
@@ -3,3 +3,6 @@
 sshd_become: true
 sshd_become_user: root
 sshd_port: 22
+
+sshd_allow_tcp_forwarding: "no"
+sshd_max_sessions: 2
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index b3f2655..a3d1f48 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -30,11 +30,11 @@
 - regexp: "^#?AllowAgentForwarding"
 line: "AllowAgentForwarding no"
 - regexp: "^#?AllowTcpForwarding"
- line: "AllowTcpForwarding no"
+ line: "AllowTcpForwarding {{ sshd_allow_tcp_forwarding }}"
 - regexp: "^#?MaxAuthTries"
 line: "MaxAuthTries 3"
 - regexp: "^#?MaxSessions"
- line: "MaxSessions 2"
+ line: "MaxSessions {{ sshd_max_sessions }}"
 - regexp: "^#?PasswordAuthentication"
 line: "PasswordAuthentication no"
 - regexp: "^#?PermitRootLogin"
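Review bot: The two defaults added in roles/sshd/defaults/main.yml carry no comment, although they replace values that were fixed hardening settings before this change. I would add above them `# Hardening baseline; relax per host only with a documented need.` and, on the first variable, `# Keep quoted: accepted values are "yes", "no", "local", "remote", "all".` The quoting matters because Ansible's YAML loader reads a bare `no` or `yes` as a boolean rather than the string sshd expects.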
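Review bot: The two templated `line:` values in roles/sshd/tasks/main.yml write `sshd_allow_tcp_forwarding` and `sshd_max_sessions` into sshd_config unchecked, so an inventory override written as an unquoted `no` or `yes` is parsed as a boolean and would likely render as `AllowTcpForwarding False` or `True`, which sshd does not accept. A config that fails to parse on the next restart can lock operators out, and any other unexpected string is written verbatim. I would add an assert ahead of the task that owns this list (it starts and ends outside the hunk), restricting the first variable to the keywords sshd accepts and the second to a non-negative integer. If that task does not already pass `validate: "sshd -t -f %s"`, that is worth adding as well.

```yaml
# … placed before the task that loops over the regexp/line pairs …
- name: Validate overridable sshd settings
  ansible.builtin.assert:
    that:
      - "sshd_allow_tcp_forwarding in ['yes', 'no', 'local', 'remote', 'all']"
      - "sshd_max_sessions | string is match('^[0-9]+$')"
    fail_msg: >-
      sshd_allow_tcp_forwarding must be one of yes, no, local, remote, all
      (quoted); sshd_max_sessions must be a non-negative integer.
```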