diff --git a/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/converge.yml b/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/converge.yml
index 580694f..ceaf483 100644
--- a/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/converge.yml
+++ b/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/converge.yml
@@ -7,3 +7,4 @@
 vars:
 lte_debian_version: bookworm
 lte_container_name: '{{ molecule_yml.platforms[0].name }}'
+ lte_container_root_pwd: '{{ lookup("ansible.builtin.env", "LTE_CONTAINER_ROOT_PWD") }}'
diff --git a/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/destroy.yml b/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/destroy.yml
index ecaab8d..28f2d59 100644
--- a/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/destroy.yml
+++ b/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/destroy.yml
@@ -9,7 +9,7 @@
 register: state
 changed_when: false
 with_items: '{{ molecule_yml.platforms }}'
- - name: stop running containers
+ - name: stop and remove running containers
 ansible.builtin.shell:
 cmd: |
 lxc stop {{ item.name }} && \
diff --git a/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/verify.yml b/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/verify.yml
index 9b08844..b7c7387 100644
--- a/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/verify.yml
+++ b/collections/ansible_collections/theliberatededge/test_linux_containers/extensions/molecule/default/verify.yml
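Review bot: In converge.yml the new `lte_container_root_pwd` is filled from an env lookup, which yields an empty string when `LTE_CONTAINER_ROOT_PWD` is not exported, so the role would carry on and hand an empty value to chpasswd and sshpass instead of stopping. A guard that runs before the role would fail fast, for example an `ansible.builtin.assert` task with `that: lte_container_root_pwd | length > 0`. verify.yml repeats the same lookup, so the check is worth having there as well. The play's task list lies outside this hunk, so where the guard belongs cannot be judged from here.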
@@ -8,5 +8,26 @@
 register: state
 with_items: '{{ molecule_yml.platforms }}'
 - name: verify launched container is running
- assert:
+ ansible.builtin.assert:
 that: state.results[0].rc == 0 and "RUNNING" in state.results[0].stdout
+ - name: find container ip address
+ ansible.builtin.command: lxc ls -c=4 -f=compact {{ item.name }}
+ register: ipv4_raw
+ with_items: '{{ molecule_yml.platforms }}'
+ - name: set ipv4 address string as a fact
+ ansible.builtin.set_fact:
+ ipv4: '{{ ipv4_raw.results[0].stdout_lines[1] }}'
+ - name: extract ipv4 address of the linux container
+ ansible.builtin.set_fact:
+ ipv4: "{{ ipv4 | regex_search('([0-9]+.[0-9]+.[0-9]+.[0-9]+)') }}"
+ - name: load root password from environment variable
+ ansible.builtin.set_fact:
+ root_pwd: "{{ lookup('ansible.builtin.env', 'LTE_CONTAINER_ROOT_PWD') }}"
+ - name: connect via ssh to linux container
+ ansible.builtin.shell:
+ cmd: |
+ sshpass -p{{ root_pwd }} ssh -o ConnectTimeout=1 root@{{ ipv4 }} exit;
+ register: ssh
+ - name: verify ssh connection to linux container
+ ansible.builtin.assert:
+ that: ssh.rc == 0
diff --git a/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/container.yml b/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/container.yml
index 97ba8f4..bd6e434 100644
--- a/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/container.yml
+++ b/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/container.yml
@@ -10,3 +10,10 @@
 images:debian/{{ lte_debian_version }}/cloud \
 {{ lte_container_name }}
 when: (container_state.rc == 1) or ("RUNNING" not in container_state.stdout)
+- name: update apt cache and upgrade system packages
+ ansible.builtin.shell:
+ cmd: |-
+ lxc exec {{ lte_container_name }} -- \
+ bash -c \
+ '/usr/bin/apt update && /usr/bin/apt upgrade -y'
+ changed_when: false
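Review bot: The `connect via ssh to linux container` task in verify.yml templates the root password straight into the command text (`sshpass -p{{ root_pwd }}`), so the value shows up in the controller's process list and in Ansible's task output, and any shell metacharacter in it is interpreted by the shell. The `ssh-copy-id` task in openssh-server.yml and the `chpasswd` task in ume.yml pass `lte_container_root_pwd` the same way. sshpass can read the password from the `SSHPASS` environment variable with `-e`, and `no_log: true` keeps the value out of the logs while the registered `ssh.rc` stays available to the assert that follows. The task rewritten along those lines is sketched below.

```yaml
- name: connect via ssh to linux container
  ansible.builtin.command:
    cmd: sshpass -e ssh -o ConnectTimeout=1 root@{{ ipv4 }} exit
  environment:
    SSHPASS: '{{ root_pwd }}'
  no_log: true
  changed_when: false
  register: ssh
```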
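Review bot: The upgrade task added to container.yml calls `apt`, whose command-line interface is not intended for scripted use, and it sets no `DEBIAN_FRONTEND`, so a package that asks a configuration question may stall or fail inside `lxc exec`. The `bash -c` argument could read `'export DEBIAN_FRONTEND=noninteractive; apt-get update && apt-get upgrade -y'`. `changed_when: false` reports the task as unchanged even when packages were upgraded, so a one-line comment saying that this is deliberate would help the next reader.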
diff --git a/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/main.yml b/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/main.yml
index 467c0a2..845cbc5 100644
--- a/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/main.yml
+++ b/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/main.yml
@@ -1,2 +1,4 @@
 ---
-- include_tasks: container.yml
+- ansible.builtin.include_tasks: container.yml
+- ansible.builtin.include_tasks: ume.yml
+- ansible.builtin.include_tasks: openssh-server.yml
diff --git a/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/openssh-server.yml b/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/openssh-server.yml
new file mode 100644
index 0000000..b773d17
--- /dev/null
+++ b/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/openssh-server.yml
@@ -0,0 +1,74 @@
+---
+- name: find systemctl service for openssh-server
+ ansible.builtin.shell:
+ cmd: |-
+ lxc exec {{ lte_container_name }} -- \
+ systemctl status ssh.service
+ register: ssh_service
+ changed_when: false
+ failed_when: false
+- name: set fact ssh_service_exists
+ ansible.builtin.set_fact:
+ ssh_service_exists: '{{ ssh_service.rc == 0 }}'
+- name: install system package openssh-server
+ ansible.builtin.shell:
+ cmd: |-
+ lxc exec {{ lte_container_name }} -- \
+ apt install -y openssh-server
+ register: ssh_pkg
+ when: not ssh_service_exists
+- name: check openssh server configuration for root access
+ ansible.builtin.shell:
+ cmd: |-
+ lxc exec {{ lte_container_name }} -- \
+ grep -e "^PermitRootLogin yes$" /etc/ssh/sshd_config
+ register: root_access
+ changed_when: false
+ failed_when: false
+- name: set fact ssh_root_login_allowed
+ ansible.builtin.set_fact:
+ ssh_root_login_allowed: '{{ root_access.rc == 0 }}'
+- name: configure openssh server to allow root access via ssh
+ ansible.builtin.shell:
+ cmd: |-
+ lxc exec {{ lte_container_name }} -- \
+ sed -i "$ a PermitRootLogin yes" /etc/ssh/sshd_config
+ register: sshd_config
+ when: not ssh_root_login_allowed
+- name: set fact ssh_server_installed
+ ansible.builtin.set_fact:
+ ssh_pkg_installed: '{{ ssh_pkg.changed and ssh_pkg.rc == 0 }}'
+- name: enable openssh server systemd service
+ ansible.builtin.shell:
+ cmd: |-
+ lxc exec {{ lte_container_name }} -- \
+ systemctl enable --now ssh.service
+ when: ssh_pkg_installed
+- name: set fact sshd_config_touched
+ ansible.builtin.set_fact:
+ sshd_config_touched: '{{ sshd_config.changed and sshd_config.rc == 0 }}'
+- name: restart openssh server systemd service
+ ansible.builtin.shell:
+ cmd: |-
+ lxc exec {{ lte_container_name }} -- \
+ systemctl restart ssh.service
+ when: sshd_config_touched
+- name: find container ip address
+ ansible.builtin.command: lxc ls -c=4 -f=compact {{ lte_container_name }}
+ register: ipv4
+ changed_when: false
+ when: sshd_config_touched
+- name: set fact ipv4
+ ansible.builtin.set_fact:
+ ipv4: '{{ ipv4.stdout_lines[1] }}'
+ when: sshd_config_touched
+- name: extract ipv4 address of the linux container
+ ansible.builtin.set_fact:
+ ipv4: "{{ ipv4 | regex_search('([0-9]+.[0-9]+.[0-9]+.[0-9]+)') }}"
+ when: sshd_config_touched
+- name: ssh-copy-id from server on the Edge to linux container
+ ansible.builtin.shell:
+ cmd: |-
+ sshpass -p {{ lte_container_root_pwd }} \
+ ssh-copy-id -o StrictHostKeyChecking=no root@{{ ipv4 }}
+ when: sshd_config_touched
diff --git a/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/ume.yml b/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/ume.yml
new file mode 100644
index 0000000..1a2adbe
--- /dev/null
+++ b/collections/ansible_collections/theliberatededge/test_linux_containers/roles/linux_container/tasks/ume.yml
@@ -0,0 +1,8 @@
+---
+- name: change root user password in container
+ ansible.builtin.shell:
+ cmd: |-
+ lxc exec {{ lte_container_name }} -- \
+ bash -c \
+ 'echo "root:{{ lte_container_root_pwd }}" | chpasswd'
+ changed_when: false
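Review bot: In openssh-server.yml, `PermitRootLogin yes` is appended to sshd_config and never tightened again, so root password login over SSH stays enabled after `ssh-copy-id` has installed the key. If the password is only needed to bootstrap the key, a final task could replace the line with `PermitRootLogin prohibit-password` and restart ssh.service; the sshpass check in verify.yml would then have to test key login instead. The `ssh-copy-id` task also passes `-o StrictHostKeyChecking=no`, which accepts any host key including a changed one, whereas `-o StrictHostKeyChecking=accept-new` records the new container's key and still rejects a later mismatch. The task named `set fact ssh_server_installed` actually sets `ssh_pkg_installed`, so its name should match.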
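Review bot: The `chpasswd` task in ume.yml interpolates `lte_container_root_pwd` inside a double-quoted string within a single-quoted `bash -c` argument, so a password containing a quote, `$` or a backtick either breaks the command or is expanded by a shell before chpasswd sees it. Feeding the value on standard input avoids both shells: switch the task to `ansible.builtin.command` with `cmd: lxc exec {{ lte_container_name }} -- chpasswd` and `stdin: 'root:{{ lte_container_root_pwd }}'`, and add `no_log: true`. `changed_when: false` on a task that changes a password hides the change from the play recap, so a comment explaining that choice would help.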