It does not seem hmac-sha2-256 is available on 11.6.* at all.
rpm -qa |grep ssh-server
openssh-server-4.3p2-72.el5_6.3.0.0.3
grep MAC /var/run/config/sshd_config
MACS hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
man sshd_config
...
MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol version 2 for data integrity pro-
tection. Multiple algorithms must be comma-separated. The default is “hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96”.
...
strings /usr/sbin/sshd |grep mac
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
hmac-sha1
macs
%s line %d: Bad SSH2 mac spec '%s'.
%s: can not init mac %s
%s: bad mac key length: %u > %d
unsupported mac %s
no matching mac found: client %s server %s
mac_compute: no key
mac_compute: mac too long
mac %s len %d
mac_init: found %s
mac_init: unknown %s
bad mac %s [%s]
mac ok: %s [%s]
macs ok: [%s]
hmac-sha1-96
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
However, on v13.1.0.4:
rpm -qa |grep ssh-server
openssh-server-6.6.1p1-31.el7.x86_64
openssh-server-sysvinit-6.6.1p1-31.el7.x86_64
ssh -Q mac
hmac-sha1
hmac-sha1-96
hmac-sha2-256
hmac-sha2-512
hmac-md5
hmac-md5-96
hmac-ripemd160
hmac-ripemd160@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
grep MAC /var/run/config/sshd_config
MACS hmac-sha1
man sshd_config
...
MACS hmac-sha1
MACs Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in protocol ver-
sion 2 for data integrity protection. Multiple algorithms must be comma-separated. The algorithms that contain
“-etm” calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recom-
mended. The default is:
hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
hmac-md5-96-etm@openssh.com,
hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-sha1-96,hmac-md5-96
...
So you can either upgrade, or tighten up the acl for SSH access.