VMware Smart Assurance NCM: What are the KEX Algorithms supported for device connectivity via SSH?

Article ID: 345308

Products

VMware

Issue/Introduction

While trying to discover a device, pull a config from a device, or test the credentials of a device running OpenSSH 7.4, 8.3, or later versions, NCM reports an error that it is unable to connect to the device. The same device is accessible from the NCM server via SSH with the same credentials.

Debug was enabled on the DS by following the steps in KB https://kb.vmware.com/s/article/323701?lang=en_US

Below are the entries in the autodisc or commmgr log files:

-----------------------------
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: Looking up host "10.x.x.x" (IPv4)
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: Connecting to 10.x.x.x port 22
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: Server version: SSH-2.0-OpenSSH_8.3
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: We claim version: SSH-2.0-PuTTY_Local:_Jan_15_2019_03:45:56
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: Using SSH protocol version 2
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: Couldn't agree a key exchange algorithm (available: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)
-----------------------------

Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Connecting to 100.x.x.x port 22
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Server version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: We claim version: SSH-2.0-PuTTY_Local:_Jan_15_2019_03:45:56
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Using SSH protocol version 2
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Couldn't agree a key exchange algorithm (available: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256)

Jan 28 12:32:05 489895680/testCredentials(22344)#1: ssh_connect(): 100.x.x.x - Remote device connection failed; check credentials
-----------------------------

Environment

VMware Smart Assurance - NCM

Resolution

NCM versions 9.6.x through 10.1.3 support the KEX algorithms below for device connectivity via CLI, and OpenSSH 6.9 has been validated as supported.

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1

If the device offers any of the above KEX algorithms, it can be accessed from NCM via CLI.

The error message in the logs shows that devices with higher OpenSSH versions offer different, newer KEX algorithms than those listed above, so those devices are not accessible from NCM via CLI.

The workaround is to either:
1) Downgrade the OpenSSH version on the device so that CLI access succeeds from NCM versions 9.6.x - 10.1.3.

Or

2) Upgrade NCM to version 10.1.4 or higher, which supports newer KEX algorithms and OpenSSH 8.3 for device communication.
Refer to the NCM 10.1.4 release notes at https://docs.vmware.com/en/VMware-Smart-Assurance/10.1.4/rn/Smart-Assurance-Network-Configuration-Manager-1014-Release-Note.htm, section: What's New in this Release
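
To find which devices in a debug log are affected, the following added example (not part of the original article or of NCM) scans autodisc/commmgr-style lines for the KEX failure and compares each device's offered list with the four algorithms listed above. The function name, the regular expressions, and the shortened sample log are assumptions built from the excerpts in this article.

```python
import re

# KEX algorithms the article lists for NCM 9.6.x through 10.1.3.
NCM_LEGACY_KEX = {
    "diffie-hellman-group1-sha1",
    "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group-exchange-sha1",
}

CONNECT_RE = re.compile(r"Term: Connecting to (\S+) port \d+")
VERSION_RE = re.compile(r"Term: Server version: (.+)")
KEX_FAIL_RE = re.compile(r"Couldn't agree a key exchange algorithm \(available: ([^)]*)\)")

def find_kex_failures(log_text, client_kex=NCM_LEGACY_KEX):
    """Return one dict per KEX negotiation failure found in the log text."""
    # Assumption: a session's lines are contiguous, so the most recent
    # "Connecting to" / "Server version" lines belong to the failure.
    findings, host, version = [], None, None
    for line in log_text.splitlines():
        if m := CONNECT_RE.search(line):
            host, version = m.group(1), None
        elif m := VERSION_RE.search(line):
            version = m.group(1).strip()
        elif m := KEX_FAIL_RE.search(line):
            offered = [a.strip() for a in m.group(1).split(",") if a.strip()]
            findings.append({
                "host": host, "server_version": version, "offered": offered,
                "common": sorted(set(offered) & set(client_kex)),
            })
    return findings

# Constructed sample modelled on the article's excerpts (algorithm lists shortened).
SAMPLE_LOG = """\
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: Connecting to 10.x.x.x port 22
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: Server version: SSH-2.0-OpenSSH_8.3
Jan 18 11:23:52 :-248285440/10.x.x.x#6: Term: Couldn't agree a key exchange algorithm (available: curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256)
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Connecting to 100.x.x.x port 22
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Server version: SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7
Jan 28 12:32:05 489895680/testCredentials(22344)#6: Term: Couldn't agree a key exchange algorithm (available: curve25519-sha256,diffie-hellman-group16-sha512)
"""

if __name__ == "__main__":
    for f in find_kex_failures(SAMPLE_LOG):
        verdict = f["common"] or "no overlap with the NCM 9.6.x-10.1.3 KEX list"
        print(f["host"], f["server_version"], verdict)
```

An empty `common` list confirms that the device and the NCM version share no KEX algorithm, which is the condition the two workarounds above address.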