diff --git a/roles/common/templates/0_main.sshd_config b/roles/common/templates/0_main.sshd_config
index a39754e..8e3ee0c 100644
--- a/roles/common/templates/0_main.sshd_config
+++ b/roles/common/templates/0_main.sshd_config
@@ -113,6 +113,11 @@ AcceptEnv LANG LC_*
 # override default of no subsystems
 Subsystem sftp /usr/lib/openssh/sftp-server
+# Disable weak key algorithms
+HostKeyAlgorithms -ecdsa-sha2-nistp256
+KexAlgorithms -diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
+MACs -hmac-sha1,hmac-sha2-256,hmac-sha2-512,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com
+
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 # X11Forwarding no
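Review bot: The added `HostKeyAlgorithms`, `KexAlgorithms` and `MACs` lines use the subtractive `-` list form, so the algorithms that stay enabled are whatever the installed sshd ships as defaults rather than a set pinned by this template; hosts on different OpenSSH releases end up with different effective lists, and anything weak that is not named here stays on. An sshd too old to understand the `-` prefix is expected to reject the line and refuse to start, so the task that deploys this template should validate the file before restarting the service (for example Ansible's `validate: 'sshd -t -f %s'`), and the effective lists are worth confirming with `sshd -T` on each target release. `HostKeyAlgorithms` drops only the plain `ecdsa-sha2-nistp256` name while `KexAlgorithms` drops all three NIST curves; if the intent is to avoid NIST curves throughout, `HostKeyAlgorithms -ecdsa-sha2-*` would be consistent with that. The comment `# Disable weak key algorithms` also describes only part of the change, since KEX and MAC entries are removed as well; something like `# Remove selected host-key, KEX and MAC algorithms from the sshd defaults` matches what the lines do.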