diff --git a/README.ssh b/README.ssh
index 2edf37b849fa4cb4de1ba6ca4319171e65001e57..596dd21b38ba77b86e4bfdf355cc00ebd5145b17 100644
--- a/README.ssh
+++ b/README.ssh
@@ -41,6 +41,7 @@ made (customizeable parameters are called out):
 * Listen on all addresses ('listen_addresses', a comma-separated string).
 * Disable SSHv1.
 * Only use RSA host keys.
+* Ed25519 host keys are not used ('ed25519', a boolean).
 * Increase the login timeout to 5 minutes.
 * Limit authentication attempts to 5 ('max_tries', an integer).
 * On RHEL-type systems, expicitly enable privilege separation.
@@ -58,7 +59,7 @@ made (customizeable parameters are called out):
 
 For the default SSH client configuration, GSSAPI is enabled, and on RHEL 
 6+ GSSAPI key-exchange and GSSAPI DNS trust are enabled.  That's it.
-  
+
 base::ssh can also be configured to require Duo as a second authentication 
 factor.  To enable this, set the "pam_duo" parameter to true.  When you do 
 that, the following changes are made:
diff --git a/manifests/ssh/config/sshd.pp b/manifests/ssh/config/sshd.pp
index dbe2f5168cf8e5b4b0d571816bcf20b0884e9396..4a503d5f814c1b0bca67b80a680a4b0ceeb3c734 100644
--- a/manifests/ssh/config/sshd.pp
+++ b/manifests/ssh/config/sshd.pp
@@ -30,7 +30,7 @@
 define base::ssh::config::sshd(
   $ensure            = 'present',
   $gitolite          = false,
-  $ed25519           = true,
+  $ed25519           = false,
   $hostbased         = false,
   $pubkey            = false,
   $password          = true,