diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
index d70083a..169a87b 100644
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@@ -17,7 +17,7 @@ ListenAddress ::
 #HostKey /etc/ssh/ssh_host_rsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_ed25519_key
 # Ciphers and keying
 #RekeyLimit default none
@@ -115,6 +115,11 @@ AcceptEnv LANG LC_*
 #Subsystem sftp /usr/lib/openssh/sftp-server
 Subsystem sftp internal-sftp
+# Hardened set of key exchange, cipher, and MAC algorithms, as per .
+KexAlgorithms curve25519-sha256@libssh.org
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
+
 Match User root
 AuthenticationMethods publickey
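Review bot: In the hunk at line 17, uncommenting `HostKey /etc/ssh/ssh_host_ed25519_key` makes it the only host key sshd loads, because the built-in default key set is used only while no HostKey directive is present, and nothing in the file says this is intended. Clients that only have the RSA or ECDSA key in known_hosts will be asked to verify an unfamiliar key, and clients without Ed25519 support will no longer connect. sshd also will not start if that key file is missing. I would add a comment above the line, for example `# Ed25519 only: rsa/ecdsa host keys are intentionally not offered`, and run `sshd -t` against the new file before reloading the service.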
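Review bot: In the hunk at line 115, `KexAlgorithms curve25519-sha256@libssh.org` leaves a single key exchange method under its pre-standard name, so a client that offers only the standardized name fails negotiation; if the deployed OpenSSH accepts it, prefer `KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org`. The added comment ends in "as per ." with no reference, so a maintainer cannot check where the lists came from; name the guide and the date it was consulted (the link may only have been lost in this rendering). chacha20-poly1305 and the `-etm` MACs are the modes affected by the SSH prefix-truncation weakness, so this selection assumes the server and its clients implement strict key exchange, which is worth stating in the comment. Placing the block before `Match User root` is correct, since the directives would otherwise fall inside the Match block.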