diff --git a/tests/image_prep/_container_setup.yml b/tests/image_prep/_container_setup.yml
index 7b466fc0..06cfc967 100644
--- a/tests/image_prep/_container_setup.yml
+++ b/tests/image_prep/_container_setup.yml
@@ -32,6 +32,7 @@
 
   roles:
     - role: sshd
+    - role: sshd_container
 
   tasks:
     - name: Ensure requisite apt packages are installed
diff --git a/tests/image_prep/_user_accounts.yml b/tests/image_prep/_user_accounts.yml
index 14ac87f0..3af21db7 100644
--- a/tests/image_prep/_user_accounts.yml
+++ b/tests/image_prep/_user_accounts.yml
@@ -62,7 +62,7 @@
     - name: Create Mitogen test groups
       group:
         name: "{{ item.name }}"
-      loop: "{{ mitogen_test_groups }}"
+      with_items: "{{ mitogen_test_groups }}"
 
     - name: Create user accounts
       vars:
@@ -158,7 +158,6 @@
           Defaults>mitogen__pw_required targetpw
           Defaults>mitogen__require_tty requiretty
           Defaults>mitogen__require_tty_pw_required requiretty,targetpw
-        prepend_newline: true
         validate: '/usr/sbin/visudo -cf %s'
 
     - name: Configure sudoers users
@@ -174,7 +173,6 @@
           {% for runas_user in normal_users %}
           {{ lookup('pipe', 'whoami') }} ALL = ({{ runas_user.name }}:ALL) NOPASSWD:ALL
           {% endfor %}
-        prepend_newline: true
         validate: '/usr/sbin/visudo -cf %s'
       when:
         - ansible_virtualization_type != "docker"
diff --git a/tests/image_prep/macos_localhost.yml b/tests/image_prep/macos_localhost.yml
index c046a2bc..b93bc780 100644
--- a/tests/image_prep/macos_localhost.yml
+++ b/tests/image_prep/macos_localhost.yml
@@ -5,3 +5,4 @@
   become: true
   roles:
     - role: sshd
+    - role: sshd_macos
diff --git a/tests/image_prep/roles/sshd/tasks/main.yml b/tests/image_prep/roles/sshd/tasks/main.yml
index 837c7d15..8f3e7e03 100644
--- a/tests/image_prep/roles/sshd/tasks/main.yml
+++ b/tests/image_prep/roles/sshd/tasks/main.yml
@@ -9,23 +9,12 @@
     path: "{{ sshd_config_file }}"
     line: "{{ item.line }}"
     regexp: "{{ item.regexp }}"
-  loop:
+  with_items:
     - line:     Banner /etc/ssh/banner.txt
       regexp:   '^#? *Banner.*'
     - line:     MaxAuthTries {{ sshd_config__max_auth_tries }}
       regexp:   '^#? *MaxAuthTries.*'
     - line:     PermitRootLogin yes
       regexp:   '.*PermitRootLogin.*'
-  loop_control:
-    label: "{{ item.line }}"
-  register: configure_sshd_result
-
-- name: Restart sshd
-  shell: |
-    launchctl unload /System/Library/LaunchDaemons/ssh.plist
-    wait 5
-    launchctl load -w /System/Library/LaunchDaemons/ssh.plist
-  changed_when: true
-  when:
-    - ansible_facts.distribution == "MacOSX"
-    - configure_sshd_result is changed
+  notify:
+    - Restart sshd  # Handler in platform specific role
diff --git a/tests/image_prep/roles/sshd_container/handlers/main.yml b/tests/image_prep/roles/sshd_container/handlers/main.yml
new file mode 100644
index 00000000..cc7b9166
--- /dev/null
+++ b/tests/image_prep/roles/sshd_container/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: Restart sshd
+  meta: noop
diff --git a/tests/image_prep/roles/sshd_macos/handlers/main.yml b/tests/image_prep/roles/sshd_macos/handlers/main.yml
new file mode 100644
index 00000000..6d4a7e21
--- /dev/null
+++ b/tests/image_prep/roles/sshd_macos/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: Restart sshd
+  shell: |
+    launchctl unload /System/Library/LaunchDaemons/ssh.plist
+    wait 5
+    launchctl load -w /System/Library/LaunchDaemons/ssh.plist
+  changed_when: true