In addition to trying other SFTP clients or even SSH, have you tried setting up a new Duplicati job? Possibly something changed that somehow invalidated the ssh-fingerprint that got stored long ago.
You don’t need a complete job, just a Destination screen where you can click Test connection.
Well, if you want to drill rather deep, you can see how far it gets before its connection gets closed.
9 - Cryptography Basics - SSH Protocol Explained shows Wireshark lines to expect. Ignore detail. Approximately identifying the problem spot is a nice start (just look for a few lines) on the analysis.
SSH is not SSL. Duplicati does use SSL/TLS in many places, so config is potentially a global one.
is the idea I mean. Technically, people on the web think SecurityProtocol is per application domain.
How to use SSL3 instead of TLS in a particular HttpWebRequest?