diff --git a/cloud_setup.sh b/cloud_setup.sh
index b98a3e8..89daa88 100644
--- a/cloud_setup.sh
+++ b/cloud_setup.sh
@@ -47,20 +47,19 @@ cat <<-EOF > /etc/ssh/sshd_config
 HostKey /etc/ssh/ssh_host_ed25519_key
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
+KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 AcceptEnv LANG LC_*
-AllowGroups root sudo
 Banner /etc/issue.net
 ChallengeResponseAuthentication no
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
 ClientAliveCountMax 0
 ClientAliveInterval 300
 Compression no
 HostbasedAuthentication no
-IgnoreUserKnownHosts yes
-KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+IgnoreUserKnownHosts yes
 LoginGraceTime 20
 LogLevel VERBOSE
-Macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
 MaxAuthTries 3
 MaxSessions 3
 MaxStartups 10:30:60
@@ -72,7 +71,7 @@ PermitUserEnvironment no
 PrintLastLog yes
 PrintMotd no
 StrictModes yes
-Subsystem sftp internal-sftp
+Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO
 UseDNS no
 UsePAM yes
 X11Forwarding no
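Review bot: Removing `AllowGroups root sudo` deletes the only login allow-list in this sshd_config, so after this hunk any local account with a shell and a valid credential can open an SSH session, not only members of root/sudo, and nothing else in the hunk replaces that restriction. If a service account needed access, widen the list rather than drop it, e.g. keep `AllowGroups root sudo` and append the extra group. The new `Ciphers` and `MACs` lines are also broader than the ones they replace (aes128-gcm@openssh.com, aes192-ctr, aes128-ctr, umac-128-etm@openssh.com and umac-128@openssh.com are newly accepted), which is a relaxation of the previous policy that the commit message should state if specific clients require it. The heredoc `cat <<-EOF > /etc/ssh/sshd_config` that encloses these lines starts before the hunk and continues past it.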
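Review bot: `Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO` hard-codes a binary path into a config the script writes unconditionally, whereas the replaced `internal-sftp` needed no external file; if that path is absent on the target image (it is distribution-dependent), sshd still starts but every SFTP session fails at exec time and nothing in this script reports it. Either check the path before writing the config, `[[ -x /usr/lib/ssh/sftp-server ]] || exit 1`, or keep `Subsystem sftp internal-sftp -f AUTHPRIV -l INFO`, since sshd_config(5) documents that internal-sftp accepts the same `-f`/`-l` logging flags, which meets the logging goal without the dependency. The enclosing heredoc starts and ends outside this hunk.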
@@ -246,17 +245,17 @@ EOF
 echo 'session optional pam_apparmor.so order=user,group,default' > /etc/pam.d/apparmor
 # Rsyslog enable log shipping to centralized syslog server
-echo '*.* @@10.128.100.2:514' >> /etc/rsyslog.d/50-default.conf
+#echo '*.* @@10.128.100.2:514' >> /etc/rsyslog.d/50-default.conf
 # Disable IPv6 in UFW
 sed -i "/ipv6=/Id" /etc/default/ufw
 echo "IPV6=no" | sudo tee -a /etc/default/ufw
 # Enable UFW firewall
-ufw allow 22/tcp
-ufw allow 80/tcp
-ufw allow 443/tcp
-ufw enable
+#ufw allow 22/tcp
+#ufw allow 80/tcp
+#ufw allow 443/tcp
+#ufw enable
 # Enable Services
 systemctl enable auditd
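Review bot: Commenting out `ufw enable` and the three `ufw allow` rules leaves the host with no firewall while the `# Enable UFW firewall` header and the two IPv6 lines above still run, so the script now edits /etc/default/ufw for a firewall it never turns on; the commented rsyslog line likewise means sshd's `LogLevel VERBOSE` output and the auditd service enabled just below now stay on the host only. If these steps are meant to be optional per environment, gate them on a variable (a constructed name such as `ENABLE_UFW` and `SYSLOG_TARGET`) with `if [[ "${ENABLE_UFW:-1}" == 1 ]]; then ... fi` around the four ufw lines and the same for the log-shipping echo, and reword the two headers to say what is skipped. Otherwise delete the lines rather than comment them out, because commented commands drift silently and the headers become misleading.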