diff --git a/evolinux-base/README.md b/evolinux-base/README.md
index 570e2313..dbcf7762 100644
--- a/evolinux-base/README.md
+++ b/evolinux-base/README.md
@@ -37,5 +37,6 @@ Main variables are:
 * `evolinux_postfix_purge_exim`: purge Exim packages (default: `True`) ;
 * `evolinux_ssh_password_auth_addresses`: list of addresses that can authenticate with a password (default: `[]`)
 * `evolinux_ssh_disable_root`: disable SSH access for root (default: `False`)
+* `evolinux_ssh_allow_current_user`: don't lock yourself out (default: `False`)
 The full list of variables (with default values) can be found in `defaults/main.yml`.
diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml
index 174fc2d0..c5b09328 100644
--- a/evolinux-base/defaults/main.yml
+++ b/evolinux-base/defaults/main.yml
@@ -111,6 +111,7 @@ evolinux_ssh_include: True
 evolinux_ssh_password_auth_addresses: []
 evolinux_ssh_match_address: True
 evolinux_ssh_disable_acceptenv: True
+evolinux_ssh_allow_current_user: False
 # evolinux users
diff --git a/evolinux-base/tasks/ssh.yml b/evolinux-base/tasks/ssh.yml
index 8094d8bc..20b93fed 100644
--- a/evolinux-base/tasks/ssh.yml
+++ b/evolinux-base/tasks/ssh.yml
@@ -35,4 +35,17 @@
 notify: reload sshd
 when: ansible_distribution_major_version | version_compare('9', '>=')
+- name: "Get current user"
+ command: logname
+ register: logname
+ check_mode: no
+ when: evolinux_ssh_allow_current_user
+
+- name: "Allow current user"
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: "AllowUsers {{ logname.stdout }}"
+ insertafter: 'Subsystem'
+ when: evolinux_ssh_allow_current_user
+
 - meta: flush_handlers
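Review bot: The "Allow current user" task in tasks/ssh.yml rewrites /etc/ssh/sshd_config without `notify: reload sshd` and without a `validate` step, so the new line only takes effect when some other task triggers the handler, and a broken file is not caught before it is written. Adding `notify: reload sshd` and `validate: '/usr/sbin/sshd -t -f %s'` to the `lineinfile` task would cover both. `AllowUsers` is an allow-list: once any such line exists, sshd refuses every account not named on one, so on a host that had no `AllowUsers` before, enabling this variable removes SSH access for all other users; the README wording ("don't lock yourself out") should say so. If no line matches `insertafter: 'Subsystem'`, `lineinfile` appends at end of file, which could presumably fall inside a `Match` block written by the role and make the directive conditional; worth confirming against the generated config. The tasks above this hunk are outside the view, so whether they already use `validate` cannot be checked here.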