Evaluate disabling certain default cipher suites and key-ex algos

[etungsten]

We should evaluate disabling some default SSH cipher suites and key algorithms that might trigger vulnerability scanning tools

[etungsten]

EKS optimized AMI's sshd_config limits the cipher suites to the following by default:

Ciphers aes128-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com

We should consider doing the same. Users can still override with the admin container userdata if they wish.