diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0b44a889..7bcf176a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -64,6 +64,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * nginx: set default server directive in default vhost
 * opendkim: update apt cache before install
 * redis: replace errorneous ini_file module for Munin config, fix dedicted Munin config filename (z-XXX).
+* evolinux-base, evolinux-users: Fix files mode under /etc/ssh/sshd_config.d
+* evolinux-base: Fix file extension
 ### Removed
diff --git a/evolinux-base/tasks/root.yml b/evolinux-base/tasks/root.yml
index 0baad708..183def7c 100644
--- a/evolinux-base/tasks/root.yml
+++ b/evolinux-base/tasks/root.yml
@@ -106,6 +106,7 @@
 path: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
 line: "PermitRootLogin no"
 create: yes
+ mode: "0644"
 validate: '/usr/sbin/sshd -t -f %s'
 notify: reload sshd
 when:
diff --git a/evolinux-base/tasks/ssh.included-files.yml b/evolinux-base/tasks/ssh.included-files.yml
index dfae0b2b..87e9de5e 100644
--- a/evolinux-base/tasks/ssh.included-files.yml
+++ b/evolinux-base/tasks/ssh.included-files.yml
@@ -7,6 +7,7 @@
 ansible.builtin.template:
 src: sshd/defaults.j2
 dest: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
+ mode: "0644"
 - name: "Get current user's group"
 ansible.builtin.command:
@@ -27,7 +28,7 @@
 - name: "Add AllowUsers sshd directive for current user"
 ansible.builtin.lineinfile:
- dest: /etc/ssh/sshd_config.d/allow_evolinux_user
+ dest: /etc/ssh/sshd_config.d/allow_evolinux_user.conf
 line: "AllowUsers {{ logname.stdout }}"
 insertafter: 'Subsystem'
 validate: '/usr/sbin/sshd -t -f %s'
diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml
index ae1db373..9a696901 100644
--- a/evolinux-users/tasks/ssh.yml
+++ b/evolinux-users/tasks/ssh.yml
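Review bot: In evolinux-base/tasks/root.yml (hunk at -106), the added `mode: "0644"` pins the permission bits but the task still leaves ownership to whatever the file already has, so a fragment that is owned by a non-root account would stay editable by that account. Because these fragments carry sshd access policy, adding `owner: root` and `group: root` next to the mode would make the task converge on a file only root can change. The same applies to the other `mode: "0644"` additions in this commit: the template task in ssh.included-files.yml, evolinux-users/tasks/ssh.yml and evolinux-users/tasks/ssh_allowgroups.yml. The task's `when:` list continues past the end of the hunk.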
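Review bot: In evolinux-base/tasks/ssh.included-files.yml (hunk at -27), the rename to `allow_evolinux_user.conf` leaves the old extensionless `allow_evolinux_user` file behind on hosts that were already provisioned, and no `mode:` is visible on this task although the sibling sshd_config.d tasks in this commit get `mode: "0644"`. A cleanup task with `state: absent` on the old path, plus the same `mode: "0644"` line here, would close both gaps; the task continues past the hunk, so a `create:` or `mode:` further down would not be visible. If sshd only includes `sshd_config.d/*.conf` (the Include line is not shown), the rename is also what makes this `AllowUsers` line take effect for the first time on existing hosts. `validate: '/usr/sbin/sshd -t -f %s'` checks the fragment on its own, so the combination with the `AllowGroups` line written by evolinux-users should be tested on a host with an open session before rollout to avoid locking accounts out.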
@@ -86,6 +86,7 @@
 path: /etc/ssh/sshd_config.d/z-evolinux-users.conf
 line: "PermitRootLogin no"
 create: yes
+ mode: "0644"
 validate: '/usr/sbin/sshd -t -f %s'
 insertbefore: "BOF"
 notify: reload sshd
diff --git a/evolinux-users/tasks/ssh_allowgroups.yml b/evolinux-users/tasks/ssh_allowgroups.yml
index fd74a7c0..11446b4d 100644
--- a/evolinux-users/tasks/ssh_allowgroups.yml
+++ b/evolinux-users/tasks/ssh_allowgroups.yml
@@ -39,6 +39,7 @@
 path: /etc/ssh/sshd_config.d/z-evolinux-users.conf
 line: "AllowGroups {{ evolinux_ssh_group }}"
 create: yes
+ mode: "0644"
 validate: '/usr/sbin/sshd -t -f %s'
 when:
 - ansible_distribution_major_version is version('12', '>=')