Finally figure out the Cisco SSH FreeBSD problem. Not being able to connect to the switch because Cisco uses old “insecure” ddiffie-hellman-group1-sha1. And the cure is...
Host switch, router
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
Ciphers +aes128-cbc
Switch* is the name of your prefix switches and router* is the prefix name.
:–)