Added sntrup761x25519-sha512@openssh.com as KEX since it is recommended by ssh-audit now.

OPNsense-20.7-and-newer.md

@@ -42,7 +42,7 @@ To find out what algorithms your `ssh` client supports, you can run these comman
 
 A good starting point is to select the following options for maximum compatibility with the probability that your client won't use the strongest/fastest option. As the algorithms may differ in computation speed or in the provided level of security, and their applied order in the OPNsense SSH server's config is nondeterministic (limitation of the current UI kit, it can't take into account the order of the selection), what you'd preferably want is to choose the strongest algorithms that are supported on both ends of the connection, otherwise, you won't be able to SSH into OPNsense until you find the middle ground. 
 
-- KexAlgorithms: `curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256`
+- Key exchange algorithms: `curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,sntrup761x25519-sha512@openssh.com`
 - Ciphers: `chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr`
 - MACs: `hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com`
 - HostKeyAlgorithms: `ssh-ed25519,ssh-ed25519-cert-v01@openssh.com`