IBM Verify

Setting the permitted Host Key Algorithms for SSH connections to Verify Identity Access

By Lachlan James Gleeson posted Sun January 04, 2026 04:05 PM

  

Administrators can control which SSH host key algorithms are used to establish connections with Verify Identity Access.

To override the set of supported algorithms, create an advanced tuning parameter called sshd.HostKeyAlgorithms. The value should be the list of algorithms that you want Verify Identity Access to support. The syntax of this list should be a valid set of algorithm names for the "HostKeyAlgorithms" entry of the SSH daemon config file.

Example:

ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,rsa-sha2-256,rsa-sha2-512

Once the advanced tuning parameter has been created, administrators can verify that the list of supported host key algorithms sent with connection attempts to the Verify Access SSH daemon matches the expected configuration. In the session below, the server offers only ssh-rsa, which the client does not accept, so the negotiation fails.

host:~$ ssh -v admin@myidp.ibm.com
OpenSSH_9.9p1, OpenSSL 3.2.4 11 Feb 2025
debug1: Reading configuration data /etc/ssh/ssh_config
. . .
debug1: Connecting to myidp.ibm.com [192.168.42.101] port 22.
debug1: Connection established.
. . .
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.7
debug1: compat_banner: match: OpenSSH_8.7 pat OpenSSH* compat 0x04000000
debug1: Authenticating to myidp.ibm.com:22 as 'admin'
. . . 
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with myidp.ibm.com port 22: no matching host key type found. Their offer: ssh-rsa
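
One way to script this check, as an added example that is not part of the original post or of IBM's tooling: it reads saved `ssh -v` or `ssh -vv` output and flags any host key algorithm the server offers that is outside the permitted list. The function names and the permitted list used in the demo are assumptions; the sample log is constructed from the session shown above.

```shell
#!/bin/sh
# Constructed sample: lines taken from the failed session shown in the post.
sample_log() {
cat <<'EOF'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: (no match)
Unable to negotiate with myidp.ibm.com port 22: no matching host key type found. Their offer: ssh-rsa
EOF
}

# Print the server's host key offer, one algorithm per line, from ssh debug
# output on stdin. `ssh -vv` logs it under "peer server KEXINIT proposal";
# a failed negotiation repeats it after "Their offer:".
offered_hostkey_algs() {
    awk '
        /peer server KEXINIT proposal/ { peer = 1; next }
        peer && /host key algorithms: / { sub(/.*host key algorithms: /, ""); list = $0; exit }
        /no matching host key type found\. Their offer: / { sub(/.*Their offer: /, ""); list = $0 }
        END { print list }
    ' | tr -d '\r' | tr ',' '\n' | sed '/^$/d' | sort -u
}

# check_hostkey_algs PERMITTED < ssh-debug-output
# PERMITTED is the comma-separated sshd.HostKeyAlgorithms value (assumed input).
# Returns 0 if every offered algorithm is permitted, 1 if the server offers
# anything else, 2 if no offer was found. Permitted-but-absent entries are only
# noted: OpenSSH's sshd offers an algorithm only when it holds a matching host key.
check_hostkey_algs() {
    permitted=$(printf '%s\n' "$1" | tr ',' '\n' | sed '/^$/d' | sort -u)
    offered=$(offered_hostkey_algs)
    [ -n "$offered" ] || { echo "no host key offer found" >&2; return 2; }
    rc=0
    for alg in $offered; do
        printf '%s\n' "$permitted" | grep -Fxq -e "$alg" ||
            { echo "not permitted but offered: $alg"; rc=1; }
    done
    for alg in $permitted; do
        printf '%s\n' "$offered" | grep -Fxq -e "$alg" ||
            echo "permitted but not offered: $alg"
    done
    return $rc
}

# Demo with a constructed permitted list that excludes the ssh-rsa offer above.
sample_log | check_hostkey_algs 'rsa-sha2-256,rsa-sha2-512' || echo "exit status: $?"
```

The ssh client writes its debug lines to stderr, so capture a session with `2>&1` before passing it to `check_hostkey_algs`.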

Comments

Fri January 09, 2026 02:13 AM

Is sshd.HostKeyAlgorithms evaluated independently from key exchange algorithms, or are there any dependencies or compatibility considerations between host key algorithms and KEX algorithms in Verify Identity Access?