Older devices may not support modern ciphers / key exchanges.
While technically they’re insecure it may not be possible to retire the device in question, so here is a work around to allow the weaker Diffie-Hellman group and key exchange.
ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa user@device