diff --git a/roles/fabric/handlers/main.yml b/roles/fabric/handlers/main.yml
index 24945a1..11780a0 100644
--- a/roles/fabric/handlers/main.yml
+++ b/roles/fabric/handlers/main.yml
@@ -1,3 +1,9 @@
+- name: reload sshd
+  service:
+    name: ssh@mgmt
+    state: reloaded
+  when: "'handler' not in ansible_skip_tags"
+
 - name: reload switchd
   service:
     name: switchd
diff --git a/roles/fabric/tasks/main.yml b/roles/fabric/tasks/main.yml
index baa0379..c28d4cb 100644
--- a/roles/fabric/tasks/main.yml
+++ b/roles/fabric/tasks/main.yml
@@ -64,6 +64,14 @@
     mode: 0644
   notify: reload interfaces
 
+- name: Unoverride Cumulus SSH options
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^(PubkeyAcceptedKeyTypes .*)'
+    line: '#\1'
+    backrefs: yes
+  notify: reload sshd
+
 - name: Disable SSH in default VRF
   service:
     name: ssh