diff --git a/tasks/ssh_cluster_config.yml b/tasks/ssh_cluster_config.yml
index 02d9a6df..8667234c 100644
--- a/tasks/ssh_cluster_config.yml
+++ b/tasks/ssh_cluster_config.yml
@@ -69,3 +69,12 @@
     create: yes
     mode: 0644
     dest: /root/.ssh/config
+    state: present
+  when: pve_ssh_ciphers is defined
+
+- name: Drop PVE-provided ciphers, when undefined
+  lineinfile:
+    regexp: "^Ciphers .*"
+    dest: /root/.ssh/config
+    state: absent
+  when: pve_ssh_ciphers is not defined
diff --git a/vars/debian-bullseye.yml b/vars/debian-bullseye.yml
index f66a3a21..d559cff1 100644
--- a/vars/debian-bullseye.yml
+++ b/vars/debian-bullseye.yml
@@ -2,3 +2,4 @@
 pve_release_key: proxmox-ve-release-7.x.asc
 pve_release_key_id: DD4BA3917E23BF59
 pve_ssh_ciphers: "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com"
+pve_ceph_repository_line: "deb http://download.proxmox.com/debian/ceph-pacific bullseye main"