From a6e95f3fd4993e972ad8fdf5b6aa20092c44ad5b Mon Sep 17 00:00:00 2001
From: Lunar
Date: Mon, 4 Nov 2019 12:46:55 -0600
Subject: [PATCH 1/2] Support KEX for OpenSSH 8.0+

Signed-off-by: Lunar
---
 tasks/crypto.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tasks/crypto.yml b/tasks/crypto.yml
index 74ba332..f573c73 100644
--- a/tasks/crypto.yml
+++ b/tasks/crypto.yml
@@ -51,6 +51,11 @@
 ###
+- name: set kex according to openssh-version if openssh >= 8.0
+  set_fact:
+    ssh_kex: '{{ ssh_kex_80_default }}'
+  when: sshd_version.stdout is version('8.0', '>=') and not ssh_kex
+
 - name: set kex according to openssh-version if openssh >= 6.6
   set_fact:
     ssh_kex: '{{ ssh_kex_66_default }}'

From 435ee7fd4a4a81271152edbbd13f76c0a20f7eee Mon Sep 17 00:00:00 2001
From: Lunar
Date: Mon, 4 Nov 2019 12:58:53 -0600
Subject: [PATCH 2/2] Add `sntrup4591761x25519-sha512@tinyssh.org` KEX

Signed-off-by: Lunar
---
 defaults/main.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 3d19111..310132c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -209,6 +209,11 @@ ssh_kex_59_default:
 ssh_kex_66_default:
   - curve25519-sha256@libssh.org
   - diffie-hellman-group-exchange-sha256
+
+ssh_kex_80_default:
+  - sntrup4591761x25519-sha512@tinyssh.org
+  - curve25519-sha256@libssh.org
+  - diffie-hellman-group-exchange-sha256
 # directory where to store ssh_password policy
 ssh_custom_selinux_dir: '/etc/selinux/local-policies'
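Review bot: The new task references `ssh_kex_80_default`, which this patch does not define; within the series it is only added by PATCH 2/2, so applying or bisecting to this commit alone makes the task fail with an undefined-variable error on any host whose sshd reports 8.0 or newer. Reordering the two patches (defaults first) or squashing them avoids that. The `and not ssh_kex` guard is what stops the following `>= 6.6` task from overwriting the value, so placing the 8.0 task ahead of it is correct, but that ordering dependency is implicit; a comment above the new task, `# newest-first: each task only fires when no earlier task has set ssh_kex`, would make it explicit for whoever adds the next version branch. The surrounding task list continues outside the hunk.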
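Review bot: `sntrup4591761x25519-sha512@tinyssh.org` is listed first, i.e. as the most-preferred method, but it was an experimental algorithm in OpenSSH 8.0 and later releases (8.5 onward) dropped that name in favour of `sntrup761x25519-sha512@openssh.com`; since the task in `tasks/crypto.yml` selects this list for every version `>= 8.0`, sshd on such a release rejects the rendered `KexAlgorithms` line (`Bad SSH2 KexAlgorithms`) and does not start. Either bound the version check in the task or plan a separate default list for the release that renamed the method, so the role does not lock administrators out when the package is upgraded. A comment above the key, `# OpenSSH >= 8.0; first entry is the experimental post-quantum hybrid KEX, check release notes before reusing this list for newer versions`, would record why this list differs from `ssh_kex_66_default`. The variable block continues outside the hunk.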