Even upgraded from PAM 4.04 to version 4.1.2.01 but yet having the issue to SSH via MindTerm to Cisco Routers ASA that were upgraded from SHA-1 to SHA-2 but when trying to use PAM's SSH the session immediately generates this message and don't allow the connection.
Couldn't agree either on kex algorithm (our: 'ecdh-sha2-nistp384,ecdh-sha2-nistp256,ecdh-sha2-nistp521,diffie-hellman-group14-sha1', peer: 'diffie-hellman-group14-sha256') or host key algorithm (our: 'ssh-rsa', peer: 'ssh-rsa')
Even adding Key Exchange diffie-hellman-group14-sha256 in PAM Cryptography forSSH Mindterm yet having the issue.
Release : 4.1.2
Looking in the logs noticed that sounds trying connection with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and disconnected.
The CISCO ASA Router is using Key Exchange diffie-hellman-group14-sha256.
Even having this Key Exchange available in PAM 4.1.2 in the specific use case it was still necessary to go to the Encryption configuration in Configuration -> Security -> Cryptography -> SSH Mindterm and put in front of all other Key Exchanges specifically the diffie-hellman-group14-sha256.