diff --git a/defaults/main.yml b/defaults/main.yml
index 020312d..57e08d5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,8 +1,19 @@
 ---
-sshd_user: root
-sshd_group: root
-sshd_binary: /usr/sbin/sshd
+### USER OPTIONS
+# Don't apply OS defaults when set to true
+sshd_skip_defaults: false
+# Empty dicts to avoid errors
+sshd: {}
+
+
+### VARS DEFAULTS
+### The following are defaults for OS specific configuration in var files in
+### this role. They should not be set by role users.
+sshd_packages: []
+sshd_config_owner: root
+sshd_config_group: root
 sshd_config_file: /etc/ssh/sshd_config
+sshd_binary: /usr/sbin/sshd
 sshd_service: sshd
 sshd_sftp_server: /usr/lib/openssh/sftp-server
-sshd: "{{ sshd_defaults }}"
+sshd_defaults: {}
diff --git a/meta/macros.j2 b/meta/macros.j2
index 2338e58..3c8020a 100644
--- a/meta/macros.j2
+++ b/meta/macros.j2
@@ -4,6 +4,8 @@
 {% set value = override %}
 {% elif sshd[key] is defined %}
 {% set value = sshd[key] %}
+{% elif sshd_defaults[key] is defined and sshd_skip_defaults != true %}
+{% set value = sshd_defaults[key] %}
 {% endif %}
 {% if value is defined %}
 {% if value is sameas true %}
diff --git a/tasks/main.yml b/tasks/main.yml
index c841d27..d3b84b7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -21,9 +21,9 @@
 template:
 src: sshd_config.j2
 dest: "{{ sshd_config_file }}"
- owner: "{{ sshd_user }}"
- group: "{{ sshd_group }}"
- mode: 600
+ owner: "{{ sshd_config_owner }}"
+ group: "{{ sshd_config_group }}"
+ mode: 644
 notify: check and reload sshd

 - name: Service enabled and running
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2
index 113d7e9..e6bbbe6 100644
--- a/templates/sshd_config.j2
+++ b/templates/sshd_config.j2
@@ -4,6 +4,8 @@
 {% set value = override %}
 {% elif sshd[key] is defined %}
 {% set value = sshd[key] %}
+{% elif sshd_defaults[key] is defined and sshd_skip_defaults != true %}
+{% set value = sshd_defaults[key] %}
 {% endif %}
 {% if value is defined %}
 {% if value is sameas true %}
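Review bot: In defaults/main.yml the comment above `sshd_skip_defaults` does not say what the rendered config contains once the flag is true. Judging from the macro change in this commit, a key that is absent from `sshd` then gets no value, so the option is presumably left out and sshd falls back to its compiled-in default for it. I would spell that out, for example `# When true, only keys set in sshd are written; all other options fall back to sshd's built-in defaults`, so that nobody enables the flag expecting the OS-specific values to remain.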
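Review bot: The new `sshd_skip_defaults != true` test in meta/macros.j2 only matches a real boolean, so a value that arrives as the string "true" or "yes" (as `-e sshd_skip_defaults=true` does) compares unequal and the OS defaults are still applied. Casting first avoids that: `{% elif sshd_defaults[key] is defined and not (sshd_skip_defaults | bool) %}`. The same two lines are added to templates/sshd_config.j2 in this commit and need the same change; keeping the macro in one file would remove the duplication. The enclosing macro starts and ends outside both hunks.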
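Review bot: `mode: 644` in the template task of tasks/main.yml is an unquoted YAML integer, which Ansible treats as decimal 644 (octal 1204) rather than rw-r--r--; the old `mode: 600` had the same problem. Quote it with a leading zero: `mode: "0644"`. The change also makes the file readable by every local user, so if the rendered sshd_config can carry account names or Match rules that should stay private, `mode: "0600"` is the tighter choice. The task's `- name:` line is outside the hunk.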
diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml
index 720d6b6..62e87e2 100644
--- a/vars/FreeBSD.yml
+++ b/vars/FreeBSD.yml
@@ -1,5 +1,3 @@
 ---
-sshd_packages: []
-sshd_group: wheel
+sshd_config_group: wheel
 sshd_sftp_server: /usr/libexec/sftp-server
-sshd_defaults: {}