Update..

group_vars/all/main.yml

@@ -722,7 +722,6 @@ sshd_listen_address:
 
 sshd_host_keys:
   - /etc/ssh/ssh_host_rsa_key
-  - /etc/ssh/ssh_host_ecdsa_key
   - /etc/ssh/ssh_host_ed25519_key
 
 # only for debian version <= 9
@@ -749,16 +748,44 @@ sshd_print_motd: !!str "no"
 #      - diffie-hellman-group-exchange-sha256
 #      - diffie-hellman-group14-sha1
 #
-sshd_kexalgorithms: {}
+#sshd_kexalgorithms: {}
+sshd_kexalgorithms:
+  - curve25519-sha256
+  - curve25519-sha256@libssh.org
+  - diffie-hellman-group16-sha512
+  - diffie-hellman-group18-sha512
+  - diffie-hellman-group-exchange-sha256
 
-# sshd_kexalgorithms
+# sshd__ciphers
 #
 # Example:
 #    sshd_ciphers:
 #      - chacha20-poly1305@openssh.com
 #      - aes256-gcm@openssh.com
 #      - aes256-ctr
-sshd_ciphers: {}
+#sshd_ciphers: {}
+sshd_ciphers:
+  - chacha20-poly1305@openssh.com
+  - aes256-gcm@openssh.com
+  - aes128-gcm@openssh.com
+  - aes256-ctr
+  - aes192-ctr
+  - aes128-ctr
+
+#sshd_macs: {}
+sshd_macs:
+  - hmac-sha2-256-etm@openssh.com
+  - hmac-sha2-512-etm@openssh.com
+  - umac-128-etm@openssh.com
+
+#sshd_hostkeyalgorithms: {}
+sshd_hostkeyalgorithms:
+  - ssh-ed25519
+  - ssh-ed25519-cert-v01@openssh.com
+  - rsa-sha2-256
+  - rsa-sha2-512
+  - rsa-sha2-256-cert-v01@openssh.com
+  - rsa-sha2-512-cert-v01@openssh.com
 
 sshd_use_dns: !!str "no"
 

group_vars/all/vars.yml.sample

@@ -15,11 +15,6 @@
 # ---
 
 
-# ---
-# vars used by roles/common/tasks/sshd.yml
-# ---
-
-
 # ---
 # vars used by apt.yml
 # ---
@@ -40,6 +35,11 @@
 # ---
 
 
+# ---
+# vars used by roles/common/tasks/sshd.yml
+# ---
+
+
 # ---
 # vars used by roles/common/tasks/sudoers.yml
 # ---