diff --git a/roles/ssh-config/files/sshd_config b/roles/ssh-config/files/sshd_config
index 23f9b52f..8dc7bff8 100644
--- a/roles/ssh-config/files/sshd_config
+++ b/roles/ssh-config/files/sshd_config
@@ -13,4 +13,5 @@ UsePAM no
 PrintMotd no
 AcceptEnv LANG LC_*
-Subsystem sftp /usr/lib/openssh/sftp-server
+# whitelist DICT scanners https://helpdesk.ugent.be/security/vulnerability-scanning.php
+PerSourcePenaltyExemptList 172.18.1.0/26
diff --git a/roles/ssh-config/tasks/main.yml b/roles/ssh-config/tasks/main.yml
index 2c1be649..a006140c 100644
--- a/roles/ssh-config/tasks/main.yml
+++ b/roles/ssh-config/tasks/main.yml
@@ -2,6 +2,6 @@
 - name: Copy ssh config
 copy:
 src: sshd_config
- dest: /etc/ssh/sshd_config
+ dest: /etc/ssh/sshd_config.d/10-custom-defaults.conf
 notify:
 - restart sshd
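Review bot: The added `PerSourcePenaltyExemptList 172.18.1.0/26` line turns off sshd's per-source penalties for all 64 addresses in that range, so throttling of failed authentication from there has to come from another control; whether password authentication is disabled is set in lines above the hunk that are not visible here. The keyword arrived in OpenSSH 9.8, and an older sshd treats an unknown keyword as a fatal configuration error, so this line should only reach hosts running 9.8 or later. The comment would be more useful if it said what is exempted and from what, for example `# Exempt the DICT vulnerability scanners (range presumably from https://helpdesk.ugent.be/security/vulnerability-scanning.php) from PerSourcePenalties; re-check when that page changes`.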
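Review bot: Pointing `dest` at `/etc/ssh/sshd_config.d/10-custom-defaults.conf` leaves the `/etc/ssh/sshd_config` that earlier runs of this task wrote on already-provisioned hosts, and nothing in the hunk replaces it or checks that it carries an `Include /etc/ssh/sshd_config.d/*.conf` line. If that line is missing, sshd never reads the new drop-in and these settings silently stop applying; the first 12 lines of the shipped file are outside the diff, so this needs confirming. sshd also keeps the first value it obtains for most keywords, so the fragment only takes effect when it is included ahead of the main file's own directives. Because the handler restarts sshd, I would add `validate: /usr/sbin/sshd -t -f %s` to the copy task (binary path assumed) so a fragment the installed sshd cannot parse is never put in place, and set `mode: "0644"` explicitly.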