1. Open ssh_config / sshd_config – the first file is the configuration file for the client, the second is for the daemon (SSH server).
2. Uncomment the Ciphers line and set it to:
Ciphers aes128-cbc,aes256-cbc
This ensures that only the aes128-cbc and aes256-cbc ciphers are used.
3. Add the following line:
KexAlgorithms diffie-hellman-group14-sha1
This makes diffie-hellman-group14-sha1 the only supported key exchange method.
4. To drop SSH packets of a certain size, you can always use the good old iptables:
iptables -A INPUT -p tcp -m length --length 1400:1500 --dport 22 -j DROP
This will drop all incoming packets with a size between 1400 and 1500 destined for port 22 (the SSH port).
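
To confirm that the edits from steps 2 and 3 actually take effect, the following added example (not part of the original instructions) audits a config file for the two settings. It accounts for a line that was left commented out and for an earlier duplicate line that shadows the new one. The function names and the sample files are hypothetical and constructed for illustration, and the script assumes no Host or Match block overrides these keywords.

```shell
#!/bin/sh
# Added example (not from the original page): check that a config file really
# ends up with the Ciphers / KexAlgorithms values from steps 2 and 3.
WANT_CIPHERS="aes128-cbc,aes256-cbc"
WANT_KEX="diffie-hellman-group14-sha1"

# effective_value FILE KEYWORD
# Print the first uncommented value of KEYWORD. OpenSSH keeps the first value
# it obtains for a keyword, so later duplicates have no effect.
effective_value() {
    awk -v kw="$2" '
        BEGIN { kw = tolower(kw) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == kw) { print val; exit }
        }' "$1"
}

# audit_config FILE: succeed only if both effective values match the settings above.
audit_config() {
    rc=0
    c=$(effective_value "$1" Ciphers)
    k=$(effective_value "$1" KexAlgorithms)
    [ "$c" = "$WANT_CIPHERS" ] || { echo "Ciphers: got '${c:-unset}'"; rc=1; }
    [ "$k" = "$WANT_KEX" ] || { echo "KexAlgorithms: got '${k:-unset}'"; rc=1; }
    return $rc
}

# Constructed sample files (hypothetical contents, not real host configs).
SAMPLES=$(mktemp -d)
printf '%s\n' '#Ciphers aes128-ctr' 'Ciphers aes128-cbc,aes256-cbc' \
    'KexAlgorithms diffie-hellman-group14-sha1' > "$SAMPLES/good"
# An earlier lowercase line shadows step 2, and step 3 was left commented out.
printf '%s\n' 'ciphers 3des-cbc,aes128-cbc' 'Ciphers aes128-cbc,aes256-cbc' \
    '#KexAlgorithms diffie-hellman-group14-sha1' > "$SAMPLES/shadowed"

for f in good shadowed; do
    if audit_config "$SAMPLES/$f"; then echo "$f: OK"; else echo "$f: MISMATCH"; fi
done
```

On a live host, `sshd -t` validates the daemon file before a restart and `sshd -T` prints the settings the daemon will actually use.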