Port knocking to secure SSH service on Debian and Ubuntu servers

The port knocking concept has been around for a while, and there
are many different port knocking implementations.  The core idea
is that you send a sequence of innocuous-looking packets to a
server, which have the effect of adjusting the firewall rules to
allow you to connect through on a port that was previously
firewalled off.

Originally, this was simply conceived as a series of connection
attempts to closed ports in a specific order.  The "knock" would
be something like trying to connect to ports 12, 23, 18, 66, or
whatever, in that order, over a specific period of time.

The problem with the original concept was that if your port
sequence was observed by passive eavesdropping, it was easily
replayable.  The obvious solution was to develop a port knocking
system that did not allow for replay attacks.  Such a solution
suggests the use of cryptography.
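
The static scheme described above, sketched from the server's side as an added example (not code from the original article or from any port knocking project).  The ports are the article's example sequence; the 10-second window, the addresses and all names are assumptions.  It shows why a recorded knock replays: the only thing the server checks is port order and timing.

```python
# Added illustration: server-side tracker for a static knock sequence.
# Ports are the article's example; window and addresses are assumptions.
KNOCK_SEQUENCE = [12, 23, 18, 66]
WINDOW_SECONDS = 10.0  # assumed value for the "specific period of time"


class KnockTracker:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS):
        self.sequence = list(sequence)
        self.window = window
        self.progress = {}    # source -> (next expected index, start time)
        self.allowed = set()  # sources whose knock completed

    def observe(self, ts, src, port):
        """Record one attempt on a closed port; True if the knock completed."""
        idx, start = self.progress.get(src, (0, ts))
        if idx and ts - start > self.window:
            idx = 0                      # took too long: start over
        if port == self.sequence[idx]:
            if idx == 0:
                start = ts               # the window opens on the first knock
            idx += 1
        elif port == self.sequence[0]:
            idx, start = 1, ts           # a stray first port restarts the knock
        else:
            idx = 0
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.allowed.add(src)
            return True
        self.progress[src] = (idx, start)
        return False


def allowed_sources(events):
    """Run (timestamp, source, port) events through a fresh tracker."""
    tracker = KnockTracker()
    for ts, src, port in events:
        tracker.observe(ts, src, port)
    return tracker.allowed


# Constructed events, documentation address ranges only.
LEGIT = [(i * 0.5, "192.0.2.10", p) for i, p in enumerate(KNOCK_SEQUENCE)]
# Same ports an hour later from another address: nothing in the knock is
# bound to a time or a sender, so the tracker cannot tell it from LEGIT.
REPLAY = [(ts + 3600.0, "198.51.100.7", port) for ts, _, port in LEGIT]
WRONG_ORDER = [(0.0, "203.0.113.5", p) for p in (12, 18, 23, 66)]
TOO_SLOW = [(t, "203.0.113.6", p) for t, p in zip((0, 4, 8, 12), KNOCK_SEQUENCE)]
```

Feeding LEGIT followed by REPLAY to allowed_sources() admits both addresses, while WRONG_ORDER and TOO_SLOW admit none.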

And this is where the insanity begins.  People started
implementing all kinds of stuff to achieve this goal, and along
the way lost sight of the original intent behind port knocking.