Best practices for securing SSH server

[Daniel Underwood]

> Point remains: Adding port knocking does not solve any security problem, it only adds
> complexity, cost, points of failure, inconvenience etc while making your problem appear
> differently and leaving you with the illusion of being more secure.

I think that's grossly overstated, if not just plain wrong.  Ceteris
paribus, a system with port knocking is almost certainly more secure
than a system without port knocking. It's not a guarantee against
penetration.  But even if it's only a heightened "degreee" of security
not an additional "kind" of security measure (as you argue), it's
still heightened security.