Ssh / VPN access from dynamic IPs / while traveling. knockd or dynDNS based authentication?
What are the advantages and disadvantages of using knockd versus using dynamic DNS authentication to log into ssh or VPN from a dynamic IP or while traveling (like some random hotel IP)? Ideally, any device with ssh / VPN client capabilities should be able to use any additional client software.
(An alternative that supports opening ssh / VPN ports for everyone is not very attractive.)
I tend to advocate for knockout (or other demons to detonate a port) because he doesn't rely on the outside, keeping his stuff uncompromising ...
source to share
Are you really afraid that your SSH port is open? What will happen?
You have denied root access, you have installed something like BFD or denyhosts, you are only using public key authentication ... do you really think this is not secure?
Adding something like knockd is, IMHO, it will probably lead to a false sense of security.
source to share