true, but i would point out that if its your core equipment that you are accessing from your network that sits directly on the core then you should be happy with the fact that no one is eavesdropping and it makes no difference.
not everyone has out-of-band networks for management. Management of devices is sometimes done thousands of miles away. Remember also that this traffic can be sniffed before it gets to the core (yes, ssh is sniffable aswell, but just not as easily, and atleast it's not in plaintext)
this is in-band. if as you say you are accessing from another network then this is where the encryption kicks in being useful, however that raises another question - do you just allow any host to connect providing they can authenticate? i know my login ports are restricted at both network and host level to specific authorized addresses...
so thats my main logic, authentication... i cant understand the big paranoia on people sniffing tho!
unfortunately ssh is just as sniffable if it's an arp spoof, but hopefully it's not as easy for the naughty eavesdropper to get into the right position for that....
exactly, its probably easier to hack the box by other means than sniffing auth details! Steve