OpenSSH: Cannot disable weak algorithms

0 votes
1 answer
2136 views
I am on RHEL 7.5 and I would like to disable weak crypto algorithms (i.e. CBC-based ciphers, weak MACs, etc.). Hence, I modified /etc/ssh/sshd_config, especially the lines starting with ciphers and macs, to exclude the respective weak ciphers. As an example: I removed aes128-cbc, aes192-cbc, aes256-cbc from the Ciphers line in sshd_config and restarted the SSH server. When testing the new configuration, there is a difference: when connecting from within the system that provides the SSH service (i.e. ssh -vv localhost), the weak ciphers are not offered anymore (I look at the peer server KEXINIT proposal section). What is strange is that, when connecting from an external system to the target (i.e. ssh -vv target_ip), the CBC-based ciphers are offered again. Is there some sort of second configuration file that overrides sshd_config, or what am I missing? Thanks in advance.
Asked by user1192748 (145 rep)
Jun 17, 2020, 12:08 PM
Last activity: Jul 28, 2024, 11:06 AM
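
The comparison described in the question, as an added example that is not part of the original post: it parses saved `ssh -vv` output, keeps only the "peer server KEXINIT proposal" section, and reports which weak algorithms the server offered and how two captures differ. The sample debug output is constructed, the function names are hypothetical, and the definition of a weak MAC (MD5-based or truncated to 96 bits) is an assumption, since the question does not list them.

```python
import re

# Constructed `ssh -vv` excerpts (not captured from a real host).
LOCAL = """\
debug2: local client KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256,hmac-md5
debug2: peer server KEXINIT proposal
debug2: ciphers ctos: aes128-ctr,aes256-ctr
debug2: ciphers stoc: aes128-ctr,aes256-ctr
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512
debug2: first_kex_follows 0
"""
# Same server as seen from an external host, with a CBC cipher still offered.
EXTERNAL = LOCAL.replace("aes128-ctr,aes256-ctr", "aes128-ctr,aes256-ctr,aes256-cbc")

FIELD = re.compile(r"^debug2: (ciphers|MACs) (?:ctos|stoc): (.*)$")
# Assumption: what counts as weak (CBC ciphers; MD5 or 96-bit truncated MACs).
WEAK = {"ciphers": re.compile(r"-cbc"), "MACs": re.compile(r"md5|-96")}

def server_proposal(debug_output):
    """Collect ciphers and MACs from the 'peer server KEXINIT proposal' only."""
    offered = {"ciphers": set(), "MACs": set()}
    in_server = False
    for line in debug_output.splitlines():
        line = line.strip()
        if line.startswith("debug2:") and line.endswith("KEXINIT proposal"):
            in_server = "peer server" in line  # skip the client's own proposal
            continue
        m = FIELD.match(line)
        if in_server and m:
            offered[m.group(1)].update(a for a in m.group(2).split(",") if a)
    return offered

def weak_offered(debug_output):
    """Weak algorithms the server offered, per kind, sorted."""
    offered = server_proposal(debug_output)
    return {k: sorted(a for a in v if WEAK[k].search(a)) for k, v in offered.items()}

def only_in_second(first, second):
    """Algorithms the server offered in `second` but not in `first`."""
    a, b = server_proposal(first), server_proposal(second)
    return sorted((b["ciphers"] | b["MACs"]) - (a["ciphers"] | a["MACs"]))

if __name__ == "__main__":
    print("local   :", weak_offered(LOCAL))
    print("external:", weak_offered(EXTERNAL))
    print("differs :", only_in_second(LOCAL, EXTERNAL))
```

To use it on real captures, save each session's debug output with `ssh -vv host 2> capture.txt` and pass the file contents in place of the constructed samples.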