tl;dr: (1) Is there a way to do this? Does binding the SSH daemon to, e.g., a management VLAN break anything?
Is there a setting in Proxmox's GUI (or in the CLI, I suppose) to bind the SSH daemon to a specific network interface? I know I can edit the config files manually via SSH or the web shell, but it seems like this would be useful, especially when setting up multiple VLANs and adding a management VLAN that is supposed to be the only pathway to access the machine's web GUI/SSH shell.
Though, as I type this, now I'm wondering if this would break ZFS replication or something. Doesn't it depend on SSH? So binding the daemon just to listen for connections on the management interface is probably a bad idea. It would also need to be bound to whatever interface is doing ZFS replication, which really makes this seem like a setting that should be exposed and managed in the GUI…
EDIT: After thinking about it a bit more, is this one of the things the Firewall in PVE is meant to handle?
Is there a setting in Proxmox's GUI (or in the CLI, I suppose) to bind the SSH daemon to a specific network interface? I know I can edit the config files manually via SSH or the web shell, but it seems like this would be useful, especially when setting up multiple VLANs and adding a management VLAN that is supposed to be the only pathway to access the machine's web GUI/SSH shell.
Though, as I type this, now I'm wondering if this would break ZFS replication or something. Doesn't it depend on SSH? So binding the daemon just to listen for connections on the management interface is probably a bad idea. It would also need to be bound to whatever interface is doing ZFS replication, which really makes this seem like a setting that should be exposed and managed in the GUI…
EDIT: After thinking about it a bit more, is this one of the things the Firewall in PVE is meant to handle?
Last edited: