I too had the same finding on a nessus scan. I did find a solution after hacking around a bit on my prime server.
Steps:
1. SSH into the Prime server
2. Run the shell command
In my case it was the first time I had run it and it conveniently asked me to setup a shell password...so go ahead and do that. Then you will need to run the shell command again
3. You now should see "ade #"
4. Run this to edit the sshd_config - sudo vi /etc/ssh/sshd_config
Normally the ciphers in this file at near the top few sections but Cisco put them at the bottom
5. Find this line "Ciphers aes256-cbc,aes192-cbc,aes128-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,3des-cbc"
6. Remove any ciphers you do not want from that line. (GOOGLE vi if you are unfamiliar with how to do this)
7. Save the file
8. Reboot...and BOOM FIXED!!
nmap scan before:
| encryption_algorithms: (9)
| aes256-cbc
| aes192-cbc
| aes128-cbc
| aes256-gcm@openssh.com
| aes128-gcm@openssh.com
| aes256-ctr
| aes192-ctr
| aes128-ctr
| 3des-cbc
nmap after:
| encryption_algorithms: (3)
| aes256-ctr
| aes192-ctr
| aes128-ctr