Cisco 3850 Switch Management Question.

This may be a ridiculous question, however I will ask anyway...

I have searched for a while for this and have not come up with much, but we have a Cisco 3850 that has an Layer 3 interface configured for MPLS. My boss wants to set up the device so that we can access it via its public IP address while Telco works on the circuit. This won't be a permanent solution.

The questions I have are as follows:

1. Is it possible to change the back plane to dedicate one of the TenGig interfaces as Management instead of the Ethernet 0/0 interface on the back?
2. Or is it possible to allow SSH through the MPLS interface, even though that interface would not be in the Management VRF? Perhaps an access-list or something is needed?
3. I am seeing the vrf-also command a lot in my research, am I correct when I say that this is only applicable when an ACL is involved?

Where I stand currently is, I've got SSH configured, my RSA key set and all that. The default route points to the correct next hop. The problem I'm seeing is that even with SSH debugs enabled, I'm not getting any logs on the switch when I attempt connectivity, though the switch is pingable.

Any help would be wonderful.

​