diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
index 9dedb1d..7e02edc 100644
--- a/roles/ssh/tasks/main.yml
+++ b/roles/ssh/tasks/main.yml
@@ -69,7 +69,14 @@
 - name: remove short diffie diffie-hellman
 become: true
- shell: |
- awk '$5 >= 3071' /etc/ssh/moduli | sudo tee /etc/ssh/moduli.tmp
- mv /etc/ssh/moduli.tmp /etc/ssh/moduli
- notify: restart ssh service
\ No newline at end of file
+ shell:
+ creates: /etc/ssh/moduli.short
+ cmd: |
+ cp /etc/ssh/moduli /etc/ssh/moduli.short
+ awk '$5 >= 3071' /etc/ssh/moduli | tee /etc/ssh/moduli.tmp
+ if ! cmp /etc/ssh/moduli /etc/ssh/moduli.tmp; then
+ mv /etc/ssh/moduli.tmp /etc/ssh/moduli
+ fi
+ notify: restart ssh service
+ register: moduli_changed
+ changed_when: "'differ:' in moduli_changed.stdout"
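Review bot: The `creates: /etc/ssh/moduli.short` guard turns this into a one-shot task: once that file exists the filter is skipped on every later run, so if /etc/ssh/moduli is replaced afterwards (a package update would be the usual cause, though nothing here shows it) moduli below 3071 bits come back and the play reports no change. The `cp` that creates the marker is also the first command in `cmd`, so a run where `awk` fails still leaves the marker behind and is never retried. The `cmp` test already makes the command idempotent, so I would drop `creates:` and take the backup only when it does not exist yet. I would also refuse to install an empty result, for example `if [ -s /etc/ssh/moduli.tmp ] && ! cmp /etc/ssh/moduli /etc/ssh/moduli.tmp; then`, because an empty moduli file leaves sshd with no group-exchange primes to choose from.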