For some reason it took me until now to realize it was possible to explicitly disable non-AEAD authentication in OpenSSH:
github.com/GrapheneOS/inf
It doesn't really change anything but it's nice not having anything in that useless list of legacy authentication methods anymore.
Conversation
Can also do this for the client configuration with the same option. It just disables negotiating any legacy non-MAC authentication so if there aren't AEAD ciphers available it won't connect. It shouldn't really do anything if you only have AEAD ciphers enabled, but why not?