ip ssh source-interface command N9K

jenas85921
Level 1

Dear All,

I need help to restrict SSH access to my Nexus device only through the mgmt0 port.

I don't use TACACS and I don't find the "ip ssh source-interface" command on the device.

Any idea, please?


4 Replies

Mark Malone
VIP Alumni

Hey

Yes, it's not on some 7Ks and 5Ks as well; not sure why the 3Ks have it. But what you can do is lock it to an ACL on the VTY port so only certain users, subnets, etc. can access. The same below can be done for the mgmt0 interface.

From the 7K best practices below: same problem, no source-interface option there; these are the options they give.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/best_practices/cli_mgmt_guide/cli_mgmt_bp/connect.html

..............................

An access class should be applied to the VTY port to increase security by restricting SSH and Telnet access to specific source and destination IP addresses. An access class configured on the VTY port is applicable when using an in-band or out-of-band management strategy. An access-class is configured per traffic direction, in applies to inbound sessions and out applies to outbound sessions.

Statistics can be enabled with the access list statistics per-entry. The following example illustrates a basic policy that permits SSH traffic from a specific subnet to all IP addresses configured in the current VDC. All traffic is permitted if an access-class is applied to the VTY port and the associated access-list is deleted from the configuration.

n7000(config)# ip access-list vty-acl-in
n7000(config-acl)# permit tcp x.x.x.x/24 any eq 22

n7000(config)# line vty
n7000(config-line)# ip access-class vty-acl-in in

Thank you, Mark Malone.

But I just want to authorize the mgmt0 IP interface without filtering the source address.

So I think the configuration below is better:

ip access-list vty-acl-in
permit tcp any x.x.x.x/32 eq 22

line vty
ip access-class vty-acl-in in

What do you think about it?
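The two ACL variants in this thread (Mark's source-subnet filter and the destination-only /32 filter above) both depend on the access-class actually being bound to line vty and on the referenced ACL still existing; the quoted best-practice text notes that a deleted ACL silently permits everything. As an added example that is not part of the thread, this Python script audits a saved `show running-config` for exactly those conditions. The mgmt0 address 192.0.2.10, the ACL name and the sample configs are constructed for illustration.

```python
"""Audit an NX-OS running-config to confirm SSH is confined to the mgmt0 address.

Added example, not from the thread. Input is the plain text of
`show running-config`; the samples below are constructed.
"""
import re

# Constructed: access-class bound to line vty, ACL permits tcp/22 only to mgmt0.
GOOD_CONFIG = """\
interface mgmt0
  ip address 192.0.2.10/24
ip access-list vty-acl-in
  10 permit tcp any 192.0.2.10/32 eq 22
line vty
  ip access-class vty-acl-in in
"""

# Constructed: same, but the ACL was removed while line vty still references it.
DANGLING_CONFIG = """\
interface mgmt0
  ip address 192.0.2.10/24
line vty
  ip access-class vty-acl-in in
"""


def _block(config, header):
    """Yield the indented lines that follow a top-level config header."""
    inside = False
    for line in config.splitlines():
        if line.strip() == header:
            inside = True
            continue
        if inside:
            if not line.startswith(" "):
                inside = False
                continue
            yield line.strip()


def mgmt0_address(config):
    """Host address configured on mgmt0, or None if absent."""
    for line in _block(config, "interface mgmt0"):
        m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+)/\d+$", line)
        if m:
            return m.group(1)
    return None


def vty_access_class(config):
    """Name of the inbound access-class on line vty, or None."""
    for line in _block(config, "line vty"):
        m = re.match(r"ip access-class (\S+) in$", line)
        if m:
            return m.group(1)
    return None


def acl_entries(config, name):
    """Entries of the named IP ACL, or None if the ACL is not configured at all."""
    header = f"ip access-list {name}"
    if not any(line.strip() == header for line in config.splitlines()):
        return None
    return list(_block(config, header))


def audit(config):
    """Return a list of findings; an empty list means SSH is confined to mgmt0."""
    findings = []
    mgmt_ip = mgmt0_address(config)
    if mgmt_ip is None:
        findings.append("mgmt0 has no IP address configured")
        return findings
    acl_name = vty_access_class(config)
    if acl_name is None:
        findings.append("no inbound ip access-class on line vty: SSH is accepted on every interface address")
        return findings
    entries = acl_entries(config, acl_name)
    if entries is None:
        # Fail-open case called out in the quoted best-practice text.
        findings.append(f"line vty references ACL {acl_name}, which does not exist: all sessions are permitted")
        return findings
    # Expect an entry that permits tcp/22 to the mgmt0 host address only.
    wanted = re.compile(rf"^(\d+ )?permit tcp \S+ {re.escape(mgmt_ip)}/32 eq 22$")
    if not any(wanted.match(e) for e in entries):
        findings.append(f"ACL {acl_name} has no entry permitting tcp/22 to {mgmt_ip}/32")
    # Flag entries that would re-open SSH on every interface address.
    for e in entries:
        if re.search(r"permit (ip|tcp) any any( eq 22)?$", e):
            findings.append(f"ACL {acl_name} entry '{e}' permits SSH to every interface address")
    return findings


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("dangling", DANGLING_CONFIG)):
        print(label, audit(cfg) or ["OK"])
```

Run it against a config pulled from the box (for example, piped from `show running-config`) before and after an ACL change; the dangling-ACL check is the one worth keeping in a periodic job, because a mistaken `no ip access-list` leaves the access-class in place and SSH open on every address.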

Hey, yes, whatever way works for you; that's just an example above from the doc as an alternative, but if you are using the physical mgmt port I would apply it there too.

OK. Thank you, Mark Malone.
