diff --git a/.ssh/config.d/20_github b/.ssh/config.d/20_github
index 3b5a103b9b41c74227cc9bc63f62f8b66f1841ed..eb0b6b7b5d49388ee69bbeb65d23360ae6d4afb6 100644
--- a/.ssh/config.d/20_github
+++ b/.ssh/config.d/20_github
@@ -4,4 +4,4 @@
 
 Host github.com
 User git
-IdentityFile ~/Documents/github_rsa
+IdentityFile ~/Documents/github_ed25519
diff --git a/.ssh/config.d/20_shore b/.ssh/config.d/20_shore
index a858be5d5a9d10d928dc9e8728f08abc1ca416b2..7850ad3f3597baf7dff5f24521f08e91b53e3e98 100644
--- a/.ssh/config.d/20_shore
+++ b/.ssh/config.d/20_shore
@@ -9,13 +9,14 @@ Host host01.shore.co.il ns4.shore.co.il
 LocalForward 9090 localhost:9090
 
 Host ea6350.shore.co.il
+IdentityFile ~/Documents/Shore/shore_rsa
 User root
 LocalForward 8080 localhost:80
 
 Host git.shore.co.il
+IdentityFile ~/Documents/Shore/gitlab_ed25519
 HostName host01.shore.co.il
 Port 2222
-IdentityFile ~/Documents/Shore/gitlab_ed25519
 
 Host cgit.shore.co.il
 HostName host01.shore.co.il
@@ -26,5 +27,5 @@ Port 2222
 
 Host *.shore.co.il 192.168.3.*
 IdentityFile ~/Documents/Shore/shore_ecdsa
-IdentityFile ~/Documents/Shore/shore_rsa
+IdentityFile ~/Documents/Shore/shore_ed25519
 User nimrod
diff --git a/.ssh/config.d/99_default b/.ssh/config.d/99_default
index 99e71b6bb4dfd7009660f356de6ea5303a230d21..951ba8a2b34f941971b418d21d27fd286df4d628 100644
--- a/.ssh/config.d/99_default
+++ b/.ssh/config.d/99_default
@@ -1,8 +1,14 @@
 
 # vim:ft=sshconfig
-# Copied from
-# https://wiki.mozilla.org/Security/Guidelines/OpenSSH?source=techstories.org#Modern
-HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
-KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+# Based on:
+# https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Modern
+# but instead of specifying what to use (more maintenance especially with
+# different OSes and releases), specify what not to use. The baseline is
+# ElementaryOS Hera, aka Ubuntu Bionic.
+# http://manpages.ubuntu.com/manpages/bionic/en/man5/ssh_config.5.html
+Ciphers -aes128-cbc,aes192-cbc,aes256-cbc
+HostbasedKeyTypes -ssh-rsa,ssh-rsa-cert-v01@openssh.com
+HostKeyAlgorithms -ssh-rsa,ssh-rsa-cert-v01@openssh.com
+KexAlgorithms -diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
+MACs -umac-64-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,hmac-sha1
+PubkeyAcceptedKeyTypes -ssh-rsa-cert-v01@openssh.com,ssh-rsa