sshd starts before, let's say, an office VPN connection, sshd may fail to bind to the (non-existant) VPN adapter IP address. This will result in connection attempts being denied and require accessing the machine some other way.
systemd's service files let us define conditions for starting a service. If a service
B need another service
A to already be started, we just need to specify that in
B.service Let's look at the service file for the OpenSSH server,
[unit] block, we find the line
After=network.target auditd.service. The arguments in the
After statement forms a list of services that we require to have already been started, before sshd starts. We can edit
sshd.service and make additions to the
After= line. The example uses a Wireguard connection
wg0. The systemd service for the Wireguard interface is
sudo nano /etc/systemd/system/sshd.service
After editing a
.service file, reload systemd to apply the changes.
sudo systemctl daemon-reload
sshd.service will wait for the VPN service and it's interface to initialize before starting.