Sometimes you have some kit that is just old and isn’t supporting the recent (and secure) key algorithms, if you need to connect (with some consideration of the security implications) you can use something like the below.
The “-v” means verbose, you can see when connecting what the end point is offering, then you can adjust as needed to tweak to the correct ciphers for your situation. Here’s an example:
ssh -v username@server1.domain.com -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-dss -c aes256-cbc
If you need to ssh to older switches with a much newer version of ssh then you’ll need to add something like:
Host *
KexAlgorithms +diffie-hellman-group1-sha1
HostkeyAlgorithms +ssh-dss,ssh-rsa
PubkeyAcceptedKeyTypes +ssh-dss,ssh-rsa
Ciphers +aes256-cbc,3des-cbc
To your ~/.ssh/config