Can less secure ciphers be removed?

Yes, if ciphers are not being used by the storage controller nor the client they can be removed.

The following SSH key exchange algorithms are supported and enabled by default:

Data ONTAP, which serves as an SSH server, automatically selects the most secure SSH key exchange algorithm that matches the client.
- The diffie-hellman-group-exchange-sha256 SSH key exchange algorithm for SHA-2
- The diffie-hellman-group-exchange-sha1, diffie-hellman-group14-sha1, and diffie-hellman-group1-sha1 SSH key exchange algorithms for SHA-1
For ciphers, the following counter (CTR) mode and cipher block chaining (CBC) mode of the AES and 3DES symmetric encryptions and enabled by default:
The CTR mode ciphers are more secure than the CBC mode ciphers. Among ciphers of the same mode, the higher the key size, the more secure the cipher.
aes256-ctr
aes192-ctr
aes128-ctr
aes256-cbc
aes192-cbc
aes128-cbc
3des-cbc