diff --git a/setup/system.sh b/setup/system.sh
index 3f5efcf3..0e0960fc 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -220,9 +220,9 @@ APT::Periodic::Verbose "1";
 EOF
 
 # Harden SSH and disable weak ciphers
-echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128" >> /etc/ssh/sshd_config
-echo "MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160" >> /etc/ssh/sshd_config
-
+grep -q -F "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 \
+MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160" /etc/ssh/sshd_config || echo "Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128 \
+MACs hmac-sha1,umac-64@openssh.com,hmac-ripemd160" >> /etc/ssh/ssh_config
 
 # ### Firewall