SSH configuration (security)


Active Member
Jan 26, 2018
before I change and run into troubles: is it possible to change the SSH port and deny root-login for security reasons or does anything internal (sync cluster for example) depend on it?


The Cluster Tunnel Daemon creates a ssh tunnel to the postgres database in other cluster nodes.
btw changing SSH Port does not increase security.
btw changing SSH Port does not increase security.

It is your opinion. We can see millions of brute & forces per day - and do you know if everybody has a "good" password? Atleast it doesnt DEcrease security ...

Disallow direct root - login maybe one of the basic things one should do on machines reachable public. Well, everybody has its own opinion / experiences ... therefor i asked.

Maybe it would be an idea for the future, that the system uses another user to connect the nodes?
Use fail2ban, firewalling, proper sshd_config (root only from certain ips) settings and better authentication methods to increase security.
If you just change a port the brute-force attacks will continue on the other port.
Last edited:


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!