Port knocking works like this: port 22 (the SSH service, for example) is closed by default, but when a client sends packets in a set order to other ports watched by the knockd service, for example 1234, 1111, 2321, the service sees the sequence and opens port 22 on the firewall so that the client can connect.
In simple terms: by default there is no keyhole in the door, but if you press on the door in a certain sequence, the keyhole appears.
At first glance this looks like a good solution, but only at first glance. If you think it through, the solution is still a bad one, and here is why:
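To make the mechanism concrete, here is an added example (not knockd's own code) that models the knock-sequence state machine just described: each source address has to hit 1234, 1111, 2321 in order, a wrong port resets its progress, and a slow sequence times out. The timeout value, the sample addresses and the packet trace are constructed for illustration.

```python
# Added example (not knockd's own code): a minimal model of the knock-sequence
# state machine described above; sequence, timeout and trace are constructed.
from dataclasses import dataclass

KNOCK_SEQUENCE = (1234, 1111, 2321)  # the article's example sequence
SEQ_TIMEOUT = 5.0                    # assumed: seconds allowed to finish the sequence

@dataclass
class KnockState:
    next_index: int = 0      # position in the sequence this source has reached
    started_at: float = 0.0  # time of the first correct knock

class KnockDaemon:
    """Tracks each source address's progress through the knock sequence."""
    def __init__(self, sequence=KNOCK_SEQUENCE, timeout=SEQ_TIMEOUT):
        self.sequence, self.timeout = sequence, timeout
        self.states = {}   # src_ip -> KnockState
        self.opened = {}   # src_ip -> time the protected port was opened for it

    def on_packet(self, ts, src_ip, dst_port):
        """Feed one observed packet; True when src_ip completes the sequence."""
        st = self.states.get(src_ip, KnockState())
        if st.next_index and ts - st.started_at > self.timeout:
            st = KnockState()            # took too long: start over
        if dst_port == self.sequence[st.next_index]:
            if st.next_index == 0:
                st.started_at = ts
            st.next_index += 1
        else:
            st = KnockState()            # wrong port or wrong order resets progress
        if st.next_index == len(self.sequence):
            self.opened[src_ip] = ts     # here knockd would insert the firewall rule
            self.states.pop(src_ip, None)
            return True
        self.states[src_ip] = st
        return False

    def is_open(self, src_ip):
        return src_ip in self.opened

def run_sample():
    """Constructed trace of (timestamp, source address, destination port)."""
    trace = [(0.0, "203.0.113.5", 1234), (0.5, "203.0.113.5", 1111),
             (1.0, "203.0.113.5", 2321),                # correct order: opens port 22
             (2.0, "198.51.100.9", 1234), (2.5, "198.51.100.9", 2321),
             (3.0, "198.51.100.9", 1111)]               # out of order: stays closed
    d = KnockDaemon()
    for pkt in trace:
        d.on_packet(*pkt)
    return d
```

Note that the whole "secret" is the three plaintext port numbers in the trace, which is exactly the interception problem discussed below.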
1. New ports and one more service
The service itself opens ports to receive the sequence, and extra open ports, whatever their purpose, only add attack surface.
2. Possibility of interception
By default the knockd service works without encryption, so the sequence of packets being sent can be intercepted.
There are modified solutions such as cryptknock, where a specific string is sent and checked for a match, but that package itself has not been updated in 8 years.
3. PHP script as an alternative
For example, if port 443 is already open for your website, a safer option is a PHP script that in turn grants access to SSH and needs no additional service.
4. Additional actions
This feature requires additional actions on a regular basis, which causes fatigue; that reduces the convenience of working with the server and, as a result, efficiency.
In conclusion, using port knocking is a bad solution.
5. Proxy & VPN
If we are talking about security and convenience, especially when this has to be set up on several servers, then port knocking looks like a completely makeshift method when you can simply create a VPS with a static IP and allow access only from it. This option is the best alternative; we described the advantages of a proxy in the article:
Proxy - as an access server, we increase the security of a VPS server