> Portknocking is far too easy to beat and really doesn't impede much.
If you have to guess a random 3 port sequence in a 65k port space, how long will it take you to break? at 1 try of 3 ports per second I get almost 9 million years for exhaustive search.
Why guess when you can just sniff the network for the sequence?
Port knocking requires the network that you're using to knock is in fact as secure and trusted as the one you're knocking. So there's really no point as you could easily just limit SSH access to that network and save yourself all the bother and risk.
If you have to guess a random 3 port sequence in a 65k port space, how long will it take you to break? at 1 try of 3 ports per second I get almost 9 million years for exhaustive search.