> The systems you are trying to SSH to are using outdated host keys, you need to actually update to get security fixes, it will regenerate host keys.

No you don't. rsa-sha2-256 and rsa-sha2-512 are still enabled by default and can use the same key.