diff --git a/salt/common/tools/sbin/so-ssh-harden b/salt/common/tools/sbin/so-ssh-harden
index 532e2f737..bdec9894b 100755
--- a/salt/common/tools/sbin/so-ssh-harden
+++ b/salt/common/tools/sbin/so-ssh-harden
@@ -38,12 +38,14 @@ print_diff() {
 fi
 }
-add_if_missing() {
- local string=$1
- if ! grep -q "$1" $temp_config; then
- printf "%s\n\n" "$1" >> $temp_config
- reload_required=true
+replace_or_add() {
+ local type=$1
+ local string=$2
+ if grep -q "$type" $temp_config; then
+ sed -i "/$type .*/d" $temp_config
 fi
+ printf "%s\n\n" "$string" >> $temp_config
+ reload_required=true
 }
 test_config() {
@@ -76,7 +78,7 @@ main() {
 if [[ $verbose ]]; then print_diff; fi
 if [[ $before != "$after" ]]; then
- add_if_missing "$cipher_string" && test_config || exit 1
+ replace_or_add "ciphers" "$cipher_string" && test_config || exit 1
 fi
 # KexAlgorithms
@@ -90,7 +92,7 @@ main() {
 if [[ $verbose ]]; then print_diff; fi
 if [[ $before != "$after" ]]; then
- add_if_missing "$kexalg_string" && test_config || exit 1
+ replace_or_add "kexalgorithms" "$kexalg_string" && test_config || exit 1
 fi
 # Macs
@@ -103,7 +105,7 @@ main() {
 if [[ $verbose ]]; then print_diff; fi
 if [[ $before != "$after" ]]; then
- add_if_missing "$macs_string" && test_config || exit 1
+ replace_or_add "macs" "$macs_string" && test_config || exit 1
 fi
 # HostKeyAlgorithms
@@ -116,7 +118,7 @@ main() {
 if [[ $verbose ]]; then print_diff; fi
 if [[ $before != "$after" ]]; then
- add_if_missing "$hostkeyalg_string" && test_config || exit 1
+ replace_or_add "hostkeyalgorithms" "$hostkeyalg_string" && test_config || exit 1
 fi
 if [[ $reload_required == true ]]; then
diff --git a/setup/so-setup b/setup/so-setup
index a742630f7..584dc7933 100755
--- a/setup/so-setup
+++ b/setup/so-setup
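Review bot: `replace_or_add` in so-ssh-harden matches the keyword case-sensitively and unanchored, so with the lowercase names passed at the four call sites in `main` (`"ciphers"`, `"kexalgorithms"`, `"macs"`, `"hostkeyalgorithms"`) an existing line in the conventional spelling, such as `Ciphers ...` or `MACs ...`, is not deleted. sshd_config keywords are case-insensitive and sshd uses the first value it obtains for each keyword, so the hardened line appended at the end of the file would then be ignored in favour of the older one. The same expression also deletes any line that merely contains the word followed by a space, comments included. Anchoring the match and ignoring case covers both and makes the `grep` guard unnecessary: `sed -i -E "/^[[:space:]]*${type}[[:space:]]/Id" "$temp_config"` (GNU sed `I` flag). This assumes the four `*_string` values begin with the keyword, which is not visible in these hunks.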
@@ -906,7 +906,7 @@ set_redirect >> $setup_log 2>&1 set_progress_str 85 'Applying finishing touches' filter_unused_nics >> $setup_log 2>&1 network_setup >> $setup_log 2>&1 - so-ssh-harden -q >> $setup_log 2>&1 + so-ssh-harden >> $setup_log 2>&1 if [[ $is_manager || $is_import ]]; then set_progress_str 87 'Adding user to SOC'