It seems a bunch of older brute force tools for ssh used old key exchange methods that are not marked as vulnerable and/or weak. I've locked down my SSH by limiting the service to those ciphers that are known to still be strong and unbroken however attackers are still trying and they get stopped preauth with that error being logged.
sshd: fatal: Unable to negotiate with 0.0.0.0 port 37618: no matching key exchange method found. Their offer: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 [preauth]
The part after offer can vary.