diff --git a/openssh-reenable-dh-group14-sha1-default.patch b/openssh-reenable-dh-group14-sha1-default.patch
new file mode 100644
index 0000000..8a70958
--- /dev/null
+++ b/openssh-reenable-dh-group14-sha1-default.patch
@@ -0,0 +1,41 @@
+diff --git a/myproposal.h b/myproposal.h
+index 5312e60..83fd62d 100644
+--- a/myproposal.h
++++ b/myproposal.h
+@@ -33,7 +33,8 @@
+ "diffie-hellman-group-exchange-sha256," \
+ "diffie-hellman-group16-sha512," \
+ "diffie-hellman-group18-sha512," \
+- "diffie-hellman-group14-sha256"
++ "diffie-hellman-group14-sha256," \
++ "diffie-hellman-group14-sha1"
+ 
+ #define KEX_CLIENT_KEX KEX_SERVER_KEX
+ 
+diff --git a/ssh_config.5 b/ssh_config.5
+index d5888f2..100563e 100644
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -1170,7 +1170,8 @@ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ diffie-hellman-group-exchange-sha256,
+ diffie-hellman-group16-sha512,
+ diffie-hellman-group18-sha512,
+-diffie-hellman-group14-sha256
++diffie-hellman-group14-sha256,
++diffie-hellman-group14-sha1
+ .Ed
+ .Pp
+ The list of available key exchange algorithms may also be obtained using
+diff --git a/sshd_config.5 b/sshd_config.5
+index 0f5fe53..97364f5 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -986,7 +986,7 @@ curve25519-sha256,curve25519-sha256@libssh.org,
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ diffie-hellman-group-exchange-sha256,
+ diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
+-diffie-hellman-group14-sha256
++diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
+ .Ed
+ .Pp
+ The list of available key exchange algorithms may also be obtained using
diff --git a/openssh.changes b/openssh.changes
index d58c5f3..585a3df 100644
--- a/openssh.changes
+++ b/openssh.changes
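Review bot: The re-added `"diffie-hellman-group14-sha1"` lands in both the server and the client default list, because `#define KEX_CLIENT_KEX KEX_SERVER_KEX` is visible right below the edited `KEX_SERVER_KEX` string, yet the new patch file carries no header explaining that this is a deliberate, compatibility-driven deviation from the upstream default; the only rationale (bsc#1180958) lives in openssh.changes. A header along the lines of `Re-add diffie-hellman-group14-sha1 to the default KexAlgorithms list for interoperability with older peers (bsc#1180958); placed last in the list so it is lowest preference` would let the next rebase judge whether the patch is still needed. The entry is appended at the end of the list, which presumably makes it the lowest-preference method, but the ssh_config.5 and sshd_config.5 hunks only list it without flagging it as a legacy SHA-1-based exchange that administrators can remove with `KexAlgorithms -diffie-hellman-group14-sha1`; a sentence to that effect in the man page hunks would be worth adding. Whether the FIPS-mode handling elsewhere in this package filters the algorithm out again is not visible in this diff and should be confirmed.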
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Fri Jan 22 21:06:42 UTC 2021 - Hans Petter Jansson
+
+- Improve robustness of sshd init detection when upgrading from
+ a pre-systemd distribution.
+
+-------------------------------------------------------------------
+Fri Jan 22 03:30:59 UTC 2021 - Hans Petter Jansson
+
+- Add openssh-reenable-dh-group14-sha1-default.patch, which adds
+ diffie-hellman-group14-sha1 key exchange back to the default
+ list (bsc#1180958). This is needed for backwards compatibility
+ with older platforms.
+
 -------------------------------------------------------------------
 Fri Jan 22 02:54:02 UTC 2021 - Hans Petter Jansson
diff --git a/openssh.spec b/openssh.spec
index 6f1eca9..7926c7c 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -107,6 +107,7 @@ Patch39: openssh-8.1p1-use-openssl-kdf.patch
 Patch40: openssh-8.1p1-ed25519-use-openssl-rng.patch
 Patch41: openssh-fips-ensure-approved-moduli.patch
 Patch42: openssh-link-with-sk.patch
+Patch43: openssh-reenable-dh-group14-sha1-default.patch
 BuildRequires: audit-devel
 BuildRequires: automake
 BuildRequires: groff
@@ -129,6 +130,8 @@ BuildRequires: pkgconfig(krb5)
 %else
 BuildRequires: krb5-mini-devel
 %endif
+Requires(pre): findutils
+Requires(pre): grep
 %description
 SSH (Secure Shell) is a program for logging into and executing commands
@@ -166,6 +169,8 @@ Summary: SSH (Secure Shell) server
 Group: Productivity/Networking/SSH
 Requires: %{name}-common = %{version}-%{release}
 Recommends: audit
+Requires(pre): findutils
+Requires(pre): grep
 Requires(pre): shadow
 Requires(post): %fillup_prereq
 Requires(post): permissions
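Review bot: `Patch43:` is declared in the `@@ -107,6 +107,7 @@` hunk, but no corresponding `%patch43 -p1` line appears anywhere in the visible hunks, so whether the patch is actually applied in `%prep` cannot be confirmed from this diff; if `%prep` was not updated, the build succeeds with the new patch silently unused and the group14-sha1 default never changes. A matching `%patch43 -p1` in `%prep` (or nothing extra, if the spec already applies patches with `%autopatch`/`%autosetup`, which is not visible here) should accompany the declaration.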
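Review bot: `Requires(pre): findutils` and `Requires(pre): grep` in the `@@ -129,6 +130,8 @@` hunk cover the `find` and `grep` calls of the reworked `%pre` scriptlet, but that scriptlet also runs `readlink -f` and `mkdir`, which come from coreutils and are not declared here; the same applies to the server subpackage in the `@@ -166,6 +169,8 @@` hunk. If coreutils is treated as an implicit base dependency on this distribution that is acceptable, but then the declared pair is only half the dependency story; otherwise `Requires(pre): coreutils` belongs next to them. A one-line comment such as `# %%pre inspects %{_sysconfdir}/init.d/rc[35].d with find/readlink/grep` above the `Requires(pre)` lines would tie the dependencies to their use.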
@@ -350,8 +355,9 @@ mkdir -p %{_tmpenableddir} || :
 if [ -x %{_bindir}/systemctl ]; then
 %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
 else
- if [ x$(find %{_sysconfdir}/init.d/rc[35].d -name 'S*' -type l -exec readlink -f {} \; | grep sshd$ | uniq) \
- == x%{_sysconfdir}/init.d/sshd ]; then echo "enabled" > %{_tmpenabledfile} || :; fi
+ if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
+ -exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
+ then echo "enabled" > %{_tmpenabledfile} || :; fi
 fi
 %pre server
@@ -362,14 +368,14 @@ getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstate
 test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd.rpmsave.old ||:
 %endif
-
 # See %%pre.
 mkdir -p %{_tmpenableddir} || :
 if [ -x %{_bindir}/systemctl ]; then
 %{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
 else
- if [ x$(find %{_sysconfdir}/init.d/rc[35].d -name 'S*' -type l -exec readlink -f {} \; | grep sshd$ | uniq) \
- == x%{_sysconfdir}/init.d/sshd ]; then echo "enabled" > %{_tmpenabledfile} || :; fi
+ if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
+ -exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
+ then echo "enabled" > %{_tmpenabledfile} || :; fi
 fi
 %service_add_pre sshd.service
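Review bot: The new `%pre` test anchors `grep` on the hard-coded `'/etc/init.d/sshd$'` while `find` walks `%{_sysconfdir}/init.d/rc[35].d`, and only the tail of the path is anchored, so any canonical target ending in `/etc/init.d/sshd` (for example one under a different prefix) would also mark the service as enabled; `grep -qx "%{_sysconfdir}/init.d/sshd"` matches the whole path that `readlink -f` prints, keeps the macro consistent with the `find` side, and makes the `>/dev/null` redundant. The `2>&1` sits on `grep`, not on `find`, so on a host where `rc3.d` or `rc5.d` is absent the unexpanded glob makes `find` print "No such file or directory" to the terminal during package install; moving a `2>/dev/null` onto the `find` invocation keeps the scriptlet quiet without changing the result. The same three lines are duplicated verbatim in the `%pre server` hunk at `@@ -362,14 +368,14 @@`; a single `%global` helper or a shared macro would keep the two copies from drifting apart again.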