We have some older Cisco equipment that runs SSH with some untrusted ciphers. Specifically the key exchange is still using SHA1, which modern Linux distributions have deprecated. You may see something like this:
Unable to negotiate with 22.214.171.124 port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1
You can work around this by putting this in your
Host 126.96.36.199 KexAlgorithms +diffie-hellman-group1-sha1
Borrowed from StackExchange.