diff --git a/defaults/main.yml b/defaults/main.yml index e5e32ff..df4585b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -13,9 +13,34 @@ sshd: # - ecdsa # - dsa # (do not use!) + kex_algorithmus: + - 'curve25519-sha256@libssh.org' + - 'diffie-hellman-group-exchange-sha256' + # - 'diffie-hellman-group-exchange-sha1' + # - 'diffie-hellman-group14-sha1' + # - 'diffie-hellman-group1-sha1' + + ciphers: + - 'chacha20-poly1305@openssh.com' + - 'aes256-gcm@openssh.com' + # - 'aes256-ctr' + # - 'aes256-cbc' + # - 'aes128-ctr' + # - 'aes128-cbc' + macs: + - 'hmac-sha2-512-etm@openssh.com' + - 'hmac-sha2-256-etm@openssh.com' + # - 'hmac-sha2-512' + # - 'hmac-sha2-256' + # - 'hmac-ripemd160-etm@openssh.com' + # - 'umac-128-etm@openssh.com' + # - 'hmac-sha1' -## default users for SSH access + + +# +# default users for SSH access #sshd_default_allowed_users: # - "root" # - "ansible" diff --git a/tasks/main.yml b/tasks/main.yml index 55bc13a..054fbf3 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -14,12 +14,10 @@ - name: read default variable include_vars: vars/default.yml -- pause: - -- name: Collect all users and groups allowed to login via ssh - set_fact: - sshd_allow_users: '{{ sshd_default_allowed_users + users.keys() | default({}) | sort }}' - sshd_allow_groups: '{{ sshd_default_allowed_groups + users.keys() | default({}) | sort }}' +#- name: Collect all users and groups allowed to login via ssh +# set_fact: +# sshd_allow_users: '{{ sshd_default_allowed_users + users.keys() | default({}) | sort }}' +# sshd_allow_groups: '{{ sshd_default_allowed_groups + users.keys() | default({}) | sort }}' - name: Copy sshd configuration become: yes @@ -29,10 +27,12 @@ owner: root group: root mode: 'u=rw,g=r,o=r' - validate: /usr/sbin/sshd -t -f %s +# validate: /usr/sbin/sshd -t -f %s backup: yes notify: - systemctrl restart ssh +- pause: + - name: Generate new ecdsa ssh host key pair if necessary become: yes 
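Review bot: `kex_algorithmus` breaks the naming of its sibling keys `ciphers` and `macs` and is not English; rename it to `kex_algorithms` (together with the `sshd.kex_algorithmus` reference in templates/sshd_config.j2). The list itself is sound, but the defaults should state which OpenSSH they need: as far as I recall `curve25519-sha256@libssh.org` and `chacha20-poly1305@openssh.com` only exist from 6.5 and the `-gcm`/`-etm` entries from 6.2, and an sshd that does not recognise an entry refuses to start — add `# requires OpenSSH >= 6.5; older hosts must override this with the aes256-ctr / hmac-sha2-* entries commented below` above the key. Note too that `diffie-hellman-group-exchange-sha256` is only as strong as the smallest group left in /etc/ssh/moduli, so either the role prunes groups below 3072 bits or the comment should tell operators to do it.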
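Review bot: Commenting out the `set_fact` leaves `sshd_allow_users` and `sshd_allow_groups` undefined for the rest of the play, so anything that still renders `AllowUsers`/`AllowGroups` from them either fails or, if it tolerates undefined values, silently drops the allow-list and lets every local account log in. The task was presumably disabled because the expression errors, and the cause is visible in this diff: `sshd_default_allowed_users` is itself commented out in defaults/main.yml, and Jinja binds `|` tighter than `+`, so `default({})` only guards `users.keys()`. Rather than disabling the feature, fix the expression: `sshd_allow_users: "{{ ((sshd_default_allowed_users | default([])) + ((users | default({})).keys() | list)) | sort }}"` and the same shape for `sshd_allow_groups`. Deriving the group list from user names also assumes each user has a same-named primary group, which deserves a comment on the task.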
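Review bot: Disabling `validate: /usr/sbin/sshd -t -f %s` while the handler still restarts ssh means a broken rendering (for example an algorithm this host's OpenSSH does not know) now goes live and the restart takes remote access down with it; restore the line, and if it was commented out because `sshd -t` rejected the new cipher/MAC list on a target, that rejection is the finding, not noise. The unconditional `- pause:` dropped in after the copy task blocks every unattended run and reads like a leftover debugging aid; remove it or gate it with `when: sshd_debug | default(false)`. The `Copy sshd configuration` task this hunk edits begins in the previous hunk, outside this one.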
diff --git a/templates/sshd_config.j2 b/templates/sshd_config.j2 index 55c7f6c..7a29ca4 100644 --- a/templates/sshd_config.j2 +++ b/templates/sshd_config.j2 @@ -7,17 +7,26 @@ Port {{ sshd.port }} TCPKeepAlive yes # Key exchange -#KexAlgorithms curve25519-sha256@libssh.org, -# diffie-hellman-group-exchange-sha256 -{% if ansible_distribution_release == 'wheezy' -%} - KexAlgorithms diffie-hellman-group-exchange-sha256 -{%- else -%} - KexAlgorithms diffie-hellman-group-exchange-sha256 - {%- if use_diffie_hellman_group_exchange_sha256 -%} - ,diffie-hellman-group-exchange-sha256 - {%- endif -%} -{%- endif %} +KexAlgorithms +{%- for algo in sshd.kex_algorithmus -%} +{{ ' ' }}{{ algo }}{{ "," if not loop.last }} +{%- endfor %} + +# Ciphers: +Ciphers +{%- for cipher in sshd.ciphers -%} +{{ ' ' }}{{ cipher }}{{ "," if not loop.last }} +{%- endfor %} + + +# Macs +MACs +{%- for mac in sshd.macs -%} +{{ ' ' }}{{ mac }}{{ "," if not loop.last }} +{%- endfor %} + +{# # Server authentication Protocol 2 {% if ansible_distribution_release == 'wheezy' %} @@ -105,3 +114,4 @@ Subsystem sftp /usr/lib/openssh/sftp-server {% endif %} # ETC +#}
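Review bot: The `{#` added at the end of this hunk opens a Jinja comment that the next hunk closes with `#}` after `# ETC`, so the rendered sshd_config stops after the MACs line and everything in between — `Protocol 2`, the `# Server authentication` block, and (from the second hunk's context) `Subsystem sftp` — is no longer emitted and falls back to OpenSSH's compiled-in defaults, which depending on version still allow root login and password authentication. If this is a temporary debugging aid it should not land; if the section is meant to be optional, wrap it in `{% if sshd.manage_auth | default(true) %}` … `{% endif %}` instead of a comment. The whitespace-control loops are also hard to read for what they do; `KexAlgorithms {{ sshd.kex_algorithmus | join(',') }}` (and the same for `Ciphers` and `MACs`) renders the identical comma-separated line. The removed wheezy special-case is not replaced, so the same algorithm list is now sent to every release, which only works if defaults/main.yml is kept to what the oldest supported OpenSSH accepts.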
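Review bot: With `#}` placed after `# ETC` the rendered file stays syntactically valid, so even a restored `sshd -t` validation would accept the near-empty config and nothing in the role signals that the authentication section was dropped. If the section must stay disabled for now, a `{% if %}` guard with a loud default, or a task that asserts the rendered file still contains the directives the role is meant to enforce, would fail fast instead of silently shipping a permissive sshd.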