
I have specifically allowed three external machines to SSH into my server. All other traffic will be dropped. Using nmap from another machine, I am unable to see my server's SSH port and it shows filtered.

In this case, is port knocking valuable in my server setup?

2 Answers


No

Essentially, port knocking is like a "secret key", which enables a host to connect to a port, which would otherwise be inaccessible. Given that you already employ a whitelist approach (and that your whitelist is very small), you wouldn't gain anything from adding port knocking to your setup, aside from one more moving part that can fail and be a source of hard-to-debug errors.

My recommendation would be to keep your setup as-is and ensure that you have disabled password-based authentication, only allowing public key authentication or similar, depending on your needs.
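The setup the question describes (SSH reachable only from a few fixed addresses, everything else dropped) together with this answer's recommendation (password authentication off, public keys only), as an added example that is not from the question or either answer. The three client addresses are constructed placeholders, the nftables ruleset is only printed, not applied, and the `sshd_config` audit reads the first uncommented value of each keyword, which is the precedence sshd itself uses; it does not look inside `Match` blocks, which can override these settings for particular users or sources.

```shell
#!/bin/sh
# Added example: SSH allowlist firewall plus an sshd_config audit.
# The addresses below are constructed placeholders, not the asker's hosts.
ALLOWED_SSH_CLIENTS="192.0.2.10 192.0.2.11 198.51.100.7"

# Print an nftables ruleset: input policy drop, loopback and established
# traffic allowed, TCP/22 accepted only from the allowlisted set. Every
# other source gets no reply at all, which is why nmap from a non-listed
# host reports the port as "filtered". Apply with: nft -f <file>
gen_nft_ruleset() {
    set_members=$(printf '%s' "$ALLOWED_SSH_CLIENTS" | sed 's/ /, /g')
    cat <<EOF
table inet filter {
    set ssh_clients {
        type ipv4_addr
        elements = { $set_members }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        tcp dport 22 ip saddr @ssh_clients accept
    }
}
EOF
}

# Return 0 if the given sshd_config disables password authentication and
# keeps public-key authentication enabled, 1 otherwise. sshd uses the first
# value it reads for a keyword, so the first uncommented occurrence wins;
# both options default to "yes" when absent. Only the "Keyword value" form
# is handled, and Match blocks are not evaluated (hypothetical helper).
sshd_config_hardened() {
    cfg="$1"
    pw=$(awk 'tolower($1)=="passwordauthentication" {print tolower($2); exit}' "$cfg")
    pk=$(awk 'tolower($1)=="pubkeyauthentication"   {print tolower($2); exit}' "$cfg")
    [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" = "yes" ]
}

# Demonstration on two constructed configs: a default-like weak one and a
# hardened one. Real use: sshd_config_hardened /etc/ssh/sshd_config
demo() {
    weak=$(mktemp); hard=$(mktemp)
    printf '%s\n' '# constructed: password login still on' \
        '#PasswordAuthentication no' 'PubkeyAuthentication yes' > "$weak"
    printf '%s\n' '# constructed: keys only' \
        'PubkeyAuthentication yes' 'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no' > "$hard"
    gen_nft_ruleset
    for f in "$weak" "$hard"; do
        if sshd_config_hardened "$f"; then
            echo "$f: password authentication disabled, keys only"
        else
            echo "$f: password authentication still possible"
        fi
    done
    rm -f "$weak" "$hard"
}
demo
```

The commented-out `#PasswordAuthentication no` line in the weak config is the common trap: the stock file ships with the directive commented, so the default of `yes` stays in force until the line is uncommented. A check like this, run against the live file after every change, is cheaper than port knocking and closes the gap the answer is pointing at.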


Port knocking is generally used when you have a client that needs to connect to the server, and the client's IP could be changing (e.g. because the client is on an internet connection with a dynamic IP, or the user is mobile). In this case, the client can 'port knock' on the server, to signal the server to allow the client to connect from the IP from which it is 'knocking'.

If all of your clients connect from known/static IP addresses, then port knocking is not necessary.

mti2935