1) You have legacy equipment that does not support ssh, and/or your vendor does not include ssh in every release of code (specifically, code you need to run.) You can normally work around this - worst case, run a null-modem between
2) Your vendor's ssh authentication creates a secure connection, and transfers the password securely, only to then send the password, unencrypted, to an authentication server for verification, making ssh moot. Bad design - but again, you can usually work around it. VPN tunnel (or SSH
that box and the closest box that *does* support SSH, allow normal console logins on that port.... port forwarding) to the auth server springs to mind (if supported) or a dedicated OOB mininetwork in the 1918 range just for the authentications. even legacy 10base2 would be ok for that - it is not as if speed matters for it. Or just use local logins for each one - I know it is much cleaner for admin purposes to have a central auth server (add username once, in one place) but a push-out solution *can* be made to work...