If I were to do local backups (i.e. to an external disk) I’d just use the built-in Windows Image Backup which is superior to Duplicati for local Windows backups. (You can do both file-level restores and full-disk image restores with those.) The reason I was using Duplicati was to get off-site backups.
Rclone may work, I’ll have to look into it more, but in any event it’s a hack to work around an issue that should be addressed. If there was a 6-month roadmap that included a “this will most likely be fixed by then” I’d find it acceptable, but I don’t think it’s something I’d want to use long term. At best it’s one more point of failure in a system designed to be relied upon after failure.
The proper, and, from a security perspective, only, fix for this issue is to support modern encryption algorithms in the SSH library. I see two ways to go about doing that: fix the library, or replace the library. The Duplicati devs have the ability to do one of those, so the answer seems obvious.