Apparently Fedora 35 does not list ssh-rsa in HostKeyAlgorithms or PubkeyAcceptedKeyTypes, so trying to ssh from an old CentOS 6 machine yielded an error:
$ ssh as1s16.intra.corp.us
no hostkey alg
So I added options after the Include in /etc/ssh/sshd_config:
Include /etc/ssh/sshd_config.d/*.conf
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
but same error. Then I ran sshd like this:
# /usr/sbin/sshd -ddd
...
debug3: /etc/ssh/sshd_config:20 setting HostKeyAlgorithms +ssh-rsa
debug3: /etc/ssh/sshd_config:21 setting PubkeyAcceptedKeyTypes +ssh-rsa
...
debug1: SELinux support disabled [preauth]
...
debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
but same error. Then I removed the options and ran sshd like this:
# /usr/sbin/sshd -ddd -oHostKeyAlgorithms=ssh-rsa
and it worked. I was able to successfully ssh in from the CentOS 6 client.
So then I put the options BEFORE the Include:
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
# To modify the system-wide sshd configuration, create a *.conf file under
# /etc/ssh/sshd_config.d/ which will be automatically included below
Include /etc/ssh/sshd_config.d/*.conf
and it worked.
Why would I need to put these directives BEFORE the Include? Shouldn't they go after to override the defaults?
Asked by squarewav
(209 rep)
Nov 28, 2021, 10:42 PM
Last activity: May 8, 2025, 04:02 PM
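An added example, not part of the original question: sshd_config(5) states that for each keyword the first obtained value is used, so a keyword already set by a file pulled in through Include is not overridden by a later line. The Python script below replays that rule over constructed files and reports which file and line supplied each value. The drop-in name 50-example.conf and its contents are assumptions, and Match blocks and multi-valued keywords are not modelled.

```python
import glob
import os
import tempfile

def resolve(path, base, seen=None):
    """Return {keyword: (value, file, lineno)}; the first value obtained wins."""
    seen = {} if seen is None else seen
    with open(path) as fh:
        for lineno, raw in enumerate(fh, 1):
            parts = raw.split("#", 1)[0].split(None, 1)
            if len(parts) < 2:
                continue  # blank line, comment, or keyword without a value
            key, value = parts[0].lower(), parts[1].strip()
            if key == "include":
                # Relative patterns are taken relative to the config directory;
                # glob matches are processed in lexical order.
                for pat in value.split():
                    pat = pat if os.path.isabs(pat) else os.path.join(base, pat)
                    for inc in sorted(glob.glob(pat)):
                        resolve(inc, base, seen)
            else:
                # setdefault() keeps the earlier value: later lines are ignored.
                seen.setdefault(key, (value, os.path.basename(path), lineno))
    return seen

# Constructed sample input (assumption): a drop-in that pins HostKeyAlgorithms.
DROPIN = "HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519\n"
OPTS = "HostKeyAlgorithms +ssh-rsa\nPubkeyAcceptedKeyTypes +ssh-rsa\n"
INCLUDE = "Include sshd_config.d/*.conf\n"

def effective(main_text):
    """Write the constructed files to a temp dir and resolve the main config."""
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "sshd_config.d"))
        with open(os.path.join(base, "sshd_config.d", "50-example.conf"), "w") as fh:
            fh.write(DROPIN)
        main = os.path.join(base, "sshd_config")
        with open(main, "w") as fh:
            fh.write(main_text)
        return resolve(main, base)

if __name__ == "__main__":
    for label, text in (("options after Include", INCLUDE + OPTS),
                        ("options before Include", OPTS + INCLUDE)):
        value, src, line = effective(text)["hostkeyalgorithms"]
        print(f"{label}: HostKeyAlgorithms = {value}  ({src}:{line})")
```

On a live host, `sshd -T` prints the effective value of each keyword after the real configuration has been resolved.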