diff --git a/modules/sshd.nix b/modules/sshd.nix
index 040ed09..0d02cb4 100644
--- a/modules/sshd.nix
+++ b/modules/sshd.nix
@@ -13,11 +13,8 @@
       ];
       # Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
       KexAlgorithms = [
-        "curve25519-sha256"
-        "curve25519-sha256@libssh.org"
-        "diffie-hellman-group16-sha512"
-        "diffie-hellman-group18-sha512"
         "sntrup761x25519-sha512@openssh.com"
+        "mlkem768x25519-sha256"
       ];
       PasswordAuthentication = false;
       StreamLocalBindUnlink = true; # unbind gnupg sockets if they exists