Prevents some types of distributed slow brute force attack, port scans, and 99.98% of nuisance traffic on the ports. Most effective when interleaved with port-sequence-close and port-trip-wire firewall random-delayed black-hole rules. Note login time window restrictions and fail2ban should also be active.
Obfuscating your ssh traffic over SSL or Iodine tunnel traffic can punch through many sandbox networks that try to jack secure traffic.
People will argue time constrained tap sequences (think Morse code) are also easily logged with a sniffer, but in general fail2ban rules can email you as the ssh noise should be nearly nonexistent.
i.e. One can determine if a route/VPN is attacking secure traffic links, or has uncanny insight into internal security policy.
Some people post bad policies for setting up ssh, email, and web servers...
Setting up knocking should be the first step on a new server image, as many folks lock themselves out the first run (and on some occasions need to re-image the host). =3
Obfuscating your ssh traffic over SSL or Iodine tunnel traffic can punch through many sandbox networks that try to jack secure traffic.
People will argue time constrained tap sequences (think Morse code) are also easily logged with a sniffer, but in general fail2ban rules can email you as the ssh noise should be nearly nonexistent.
i.e. One can determine if a route/VPN is attacking secure traffic links, or has uncanny insight into internal security policy.
Some people post bad policies for setting up ssh, email, and web servers...
Setting up knocking should be the first step on a new server image, as many folks lock themselves out the first run (and on some occasions need to re-image the host). =3