From daf7f7b34b1ad01d8b166bf2fb90a91ec574091e Mon Sep 17 00:00:00 2001
From: Steve Smith
Date: Tue, 16 Nov 2021 15:28:23 +1100
Subject: [PATCH] DCD-1378: Replace an existing line if it exists.
---
 roles/linux_common/tasks/amazon.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/linux_common/tasks/amazon.yml b/roles/linux_common/tasks/amazon.yml
index a036fdb..9dc15ae 100644
--- a/roles/linux_common/tasks/amazon.yml
+++ b/roles/linux_common/tasks/amazon.yml
@@ -13,6 +13,7 @@
 path: "/etc/ssh/sshd_config"
 # Drop insecure ciphers, currently 3des-cbc only. You can get the
 # full list with `sshd -T | grep -i ciphers`
+ regexp: '^[Cc]iphers'
 line: "Ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc"
 insertbefore: "BOF"
 ignore_errors: yes # No sshd == no problem
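Review bot: The added `regexp: '^[Cc]iphers'` makes lineinfile rewrite only the last matching line, whereas sshd uses the first value it reads for a keyword, so a host that already carries two `Ciphers` lines (for example one inserted at BOF by an earlier run of this task plus one further down the file) would keep the stale first line in effect. The pattern is also narrower than sshd's own parsing, which ignores keyword case and leading whitespace; `regexp: '(?i)^\s*ciphers\s'` would cover those spellings. Because the task now edits an existing directive in place and `ignore_errors: yes` hides a failed run, I would add `validate: 'sshd -t -f %s'` so a cipher list the installed sshd rejects never reaches the live file. The task begins above the hunk, so whether a handler reloads sshd after the change is not visible here.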