Except it clearly is a potential issue as long as 3DES is offered. As long as it is offered, it is possible for it to be negotiated, making that session subject to cryptanalytic attack. The only way to definitely and provably avoid this analysis is to prohibit the affected ciphers from being negotiated at all.
It is extremely unlikely a session could fall victim to this. Extremely unlikely does not mean impossible.
Claiming to not be vulnerable when you are is definitely malpractice.
Further, even if sshd has been modified to offer 3DES but to immediately close any connections which end up using it, some people just want the easiest way to get the audit result to go away. In my experience, telling the auditors the vendor said that isn’t a problem is never fast, and everybody forgets about the justification the next time around.
Removing the cipher from the list offered by the server is easy, and it should be permanent until the OS is reinstalled.