When changing the `Ciphers` or `MACs` parameters in `set service ssh <option>`, an existing line within sshd_config would not be altered but a new line appended instead, resulting in multiple Ciphers / MACs lines existing in sshd_config.
To fix this, and at the same time, adapt SSH config options to the new capabilities of OpenSSH 6.7, I propose the attached patch to the `vyatta-cfg-system` package. SSH service configuration will then look as follows:
```
vyos@vyos# set service ssh
Possible completions:
allow-root Enable root login over ssh
ciphers Allowed ciphers
disable-host-validation
Don't validate the remote host name with DNS
disable-password-authentication
Don't allow unknown user to login with password
key-exchange Allowed key exchange algorithms
+ listen-address
Local addresses SSH service should listen on
loglevel Log Level
macs Allowed message authentication algorithms
port Port for SSH service
[edit]
vyos@vyos#
```
**Patch**
{F30229}
**vyatta-cfg-system**
{F30230}
**Edited:**
- I failed to use the correcty syntax for `git diff` in order to include new files into the patch set. This was fixed with this edit.
- For quick evaluation, I attached a vyatta-cfg-system deb package you may install on the fly.