ssh: enable curve25519-sah256 again... (#325)

Author: SuperSandro2000

modules/ssh.nix

@@ -90,11 +90,15 @@ in
 
     services.openssh = lib.mkIf cfgS.recommendedDefaults {
       settings = {
-        # following ssh-audit: nixos default minus 2048 bit modules (diffie-hellman-group-exchange-sha256) and not post-quantum safe (curve25519-sha256)
+        # following ssh-audit: nixos default minus 2048 bit modules (diffie-hellman-group-exchange-sha256)
+        # and including not post-quantum safe (curve25519-sha256) because of legacy systems and slow moving libraries...
         KexAlgorithms = [
           "mlkem768x25519-sha256"
           "sntrup761x25519-sha512"
           "[email protected]"
+          # not post-quantum safe but we cannot have nice things, yet...
+          "curve25519-sha256"
+          "[email protected]"
         ];
         # following ssh-audit: nixos defaults
         Macs = [