diff --git a/tasks/configure_ssh_hardening.yml b/tasks/configure_ssh_hardening.yml
index ecb69332f4c6f2d9572f650077c3ed33dd84c234..780cff7ec546250702b0fdfca95c3d695de05eb3 100644
--- a/tasks/configure_ssh_hardening.yml
+++ b/tasks/configure_ssh_hardening.yml
@@ -56,9 +56,9 @@
       KexAlgorithms diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org
       # disable weak Ciphers (crypto algorithms)
       # NVT OID: 1.3.6.1.4.1.25623.1.0.105611
-      # Also explicitely disable ChaCha ciphers for "Terrapin" (CVE-2023-48795)
-      Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com,-chacha20-poly1305@openssh.com
-      # Explicitely disable -ETM MACs for "Terrapin" (CVE-2023-48795)
-      MACs hmac-sha2-512,hmac-sha2-256,-*etm@openssh.com
+      # Also explicitely omit ChaCha ciphers for "Terrapin" (CVE-2023-48795)
+      Ciphers aes256-ctr,aes192-ctr,aes128-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com
+      # Explicitely omit -ETM MACs for "Terrapin" (CVE-2023-48795)
+      MACs hmac-sha2-512,hmac-sha2-256
   notify:
     - restart sshd