diff --git a/tasks/ssh_cluster_config.yml b/tasks/ssh_cluster_config.yml
index b1c34f78..94acd4ba 100644
--- a/tasks/ssh_cluster_config.yml
+++ b/tasks/ssh_cluster_config.yml
@@ -85,3 +85,13 @@
     insertbefore: BOF
     create: yes
     dest: /root/.ssh/config
+    state: present
+  when: pve_ssh_ciphers is defined
+
+- name: Drop PVE-provided ciphers, when undefined
+  lineinfile:
+    regexp: "^Ciphers .*"
+    dest: /root/.ssh/config
+    state: absent
+  when: pve_ssh_ciphers is not defined
+
diff --git a/vars/debian-bullseye.yml b/vars/debian-bullseye.yml
index b0ae04fa..773c2275 100644
--- a/vars/debian-bullseye.yml
+++ b/vars/debian-bullseye.yml
@@ -1,5 +1,4 @@
 ---
 pve_release_key: proxmox-ve-release-7.x.asc
 pve_release_key_id: DD4BA3917E23BF59
-pve_ssh_ciphers: "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
-pve_ceph_repository_line: "deb http://download.proxmox.com/debian/ceph-pacific bullseye main"
\ No newline at end of file
+pve_ceph_repository_line: "deb http://download.proxmox.com/debian/ceph-pacific bullseye main"