Azure DevOps removed sha1 support

Reading the release notes for OpenSSH 8.2, https://www.openssh.com/txt/release-8.2 , rsa1 is now deprecated and considered broken. So Microsoft decided that their systems should no longer support it (I suppose that makes sense). However, they still don't support ecdsa or ed25519.

It is possible to re-enable rsa1 by inserting this in /home/<user>/.ssh/config (as stated in the Microsoft forum here: https://developercommunity.visualstudio.com/content/problem/923455/cannot-interact-with-git-repos-with-openssh-82.html ):

    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1

So how does one create a secure authentication to Azure DevOps?

Solution

  • Azure DevOps does not currently support any secure method of connecting over SSH.

    The group 14 with SHA-1 is 2048 bits in size and is at the lower end of acceptable strength (112-bit equivalent). In this case, SHA-1 is used not for signatures, but as a PRF for generating key data. This isn't insecure, although of course using a non-SHA-1 algorithm would be better. Group 1 is too weak to be secure.

    However, Azure DevOps lacks support for anything but RSA with SHA-1, and that's definitely insecure. RSA with SHA-2 isn't possible because Azure DevOps doesn't negotiate the extensions necessary to use SHA-2, and there are no other key types supported.

    Your best bet is to use HTTPS for access to Azure DevOps, or move to a more secure platform. Note, however, that you may want to force TLS 1.2 because Azure DevOps supports TLS 1.0 and 1.1, both of which are considered insecure and deprecated. You can do so by setting http.https://dev.azure.com.sslVersion to tlsv1.2.
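As an added illustration of the answer's point (this is not code from the original post), the script below parses the SSH_MSG_KEXINIT message a server sends at the start of a connection and flags a server that offers only SHA-1 key exchange and only SHA-1 host-key signature algorithms, and that does not advertise ext-info-s (RFC 8308), the mechanism a server uses to tell clients which signature algorithms it accepts for public-key user authentication. The KEXINIT bytes are constructed here for an offline run, not captured from Azure DevOps.

```python
import struct

# SSH_MSG_KEXINIT layout (RFC 4253 section 7.1): byte 20, 16-byte cookie,
# ten name-lists, boolean first_kex_packet_follows, uint32 reserved.
KEXINIT = 20
SHA1_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"}
SHA1_HOSTKEY = {"ssh-rsa", "ssh-dss"}   # RSA / DSA with SHA-1 signatures


def _name_list(buf, off):
    """Decode one uint32-length-prefixed, comma-separated name-list."""
    (n,) = struct.unpack_from(">I", buf, off)
    raw = buf[off + 4:off + 4 + n].decode("ascii")
    return [s for s in raw.split(",") if s], off + 4 + n


def parse_kexinit(payload):
    """Return the kex and host-key name-lists from a KEXINIT payload."""
    if not payload or payload[0] != KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, lists = 17, []            # skip message byte and 16-byte cookie
    for _ in range(10):
        names, off = _name_list(payload, off)
        lists.append(names)
    return {"kex": lists[0], "hostkey": lists[1]}


def assess(info):
    """Flag a server that offers nothing beyond SHA-1 key exchange / host keys."""
    kex, hostkey = set(info["kex"]), set(info["hostkey"])
    return {
        "only_sha1_kex": bool(kex) and kex - {"ext-info-s"} <= SHA1_KEX,
        "only_sha1_hostkey": bool(hostkey) and hostkey <= SHA1_HOSTKEY,
        "ext_info": "ext-info-s" in kex,   # RFC 8308 extension negotiation
    }


def build_kexinit(kex, hostkey):
    """Constructed sample KEXINIT for offline testing (not captured traffic)."""
    lists = [kex, hostkey, "aes128-ctr", "aes128-ctr", "hmac-sha2-256",
             "hmac-sha2-256", "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(s)) + s.encode("ascii") for s in lists)
    return bytes([KEXINIT]) + bytes(16) + body + b"\x00" + b"\x00\x00\x00\x00"


# Constructed samples: a SHA-1-only server versus one with modern algorithms.
LEGACY = build_kexinit("diffie-hellman-group14-sha1,diffie-hellman-group1-sha1", "ssh-rsa")
MODERN = build_kexinit("curve25519-sha256,ext-info-s", "rsa-sha2-512,ssh-ed25519")
```

To audit a real server, capture its KEXINIT payload (for example from a packet capture of the connection) and pass the bytes to parse_kexinit.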