Symantec PAM -- Unix connection issues based on ssh TLS configurations

Article ID: 228840

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are getting the following SHA error after the Linux server was patched. But when the user checks the console, it is at sha2 already. Is this something else that CAPAM requires?

Couldn't agree either on kex algorithm (our: 'ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-nistp521,diffie-hellman-group14-sha1', peer: 'curve25519-sha256,[email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512') or host key algorithm (our: 'ssh-rsa', peer: 'rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519')

 

Environment

Release : 3.4

Component :

Cause

There are several possible causes. In this case, the sshd update was the underlying cause.

Resolution

Check the active system-wide crypto policy on the Linux server:

   update-crypto-policies --show

If it is set to FUTURE, then run:

   update-crypto-policies --set DEFAULT

   systemctl restart sshd
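
To see which half of the negotiation error quoted in the Issue section actually has no overlap, the two offer lists can be compared directly. The following is an added example, not part of the original article or of PAM; it assumes "our" is the PAM side and "peer" is the patched Linux sshd, and the function names are hypothetical.

```python
import re

# Error text copied from this article; the "[email protected]" entry is kept
# exactly as it appears on the page.
ERROR = (
    "Couldn't agree either on kex algorithm (our: "
    "'ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-nistp521,"
    "diffie-hellman-group14-sha1', peer: "
    "'curve25519-sha256,[email protected],ecdh-sha2-nistp256,"
    "ecdh-sha2-nistp384,ecdh-sha2-nistp521,"
    "diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,"
    "diffie-hellman-group18-sha512') or host key algorithm "
    "(our: 'ssh-rsa', peer: "
    "'rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519')"
)

# Matches each "<category> algorithm (our: '...', peer: '...')" clause.
_CLAUSE = re.compile(
    r"(kex|host key) algorithm \(our: '([^']*)', peer: '([^']*)'\)"
)


def parse_negotiation_error(message):
    """Return {category: (our_list, peer_list)} for each clause found."""
    parsed = {}
    for category, ours, peers in _CLAUSE.findall(message):
        parsed[category] = (ours.split(","), peers.split(","))
    return parsed


def common_algorithms(ours, peers):
    """Algorithms both sides offer, kept in our side's preference order."""
    offered_by_peer = set(peers)
    return [name for name in ours if name in offered_by_peer]


def diagnose(message):
    """Map each category to its shared algorithms; empty list = no overlap."""
    parsed = parse_negotiation_error(message)
    if not parsed:
        raise ValueError("not an SSH algorithm negotiation error")
    return {cat: common_algorithms(o, p) for cat, (o, p) in parsed.items()}


if __name__ == "__main__":
    for category, shared in diagnose(ERROR).items():
        status = ", ".join(shared) if shared else "NO COMMON ALGORITHM"
        print(f"{category}: {status}")
```

For the message in this article, the key exchange lists share three ECDH algorithms, while the host key lists share none: the PAM side offers only ssh-rsa and the server no longer lists it.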