How do I disable sshd algorithms?
As far as I know the OpenSHH does support disabling specific key exchange algorithms or ciphers (and those are actually two different things), by prepending the list of algorithms you want disabled with a hyphen/minus -, although more common is setting up explicitly what you do want to allow.
See: https://man.openbsd.org/sshd_config#KexAlgorithms
If KexAlgorithms is currently not set then your server is using the default settings. You could leave the defaults and disable those two offending weak key exchange algorithms with:
# sshd_config
...
KexAlgorithms -diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
Or you could set the more explicit strong settings such as (which may break backward compatibility with old clients):
# sshd_config
...
KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]