It protects you from every zero day except the very limited set of preauth zero-days.
Look: it is legit to be paranoid about ssh zero-days (I am not, partly because that vulnerability is so valuable that I am very far down on the food chain for it). But if you're paranoid about those, be serious about them. Put an encrypted tunnel in front of sshd, not some goofy authentication scheme.
Remember: if there's a preauth sshd zero day, the SSH connections themselves are attack vectors. TCP is easily hijackable.
Sure.. but now you have to worry about vulnerabilities in whatever software you are using for that. Other than maybe something like a locked down spiped I wouldn't trust anything more than ssh in the first place.
From my perspective the nice thing about something like the 'simple non cryptographic knockd' was that other than decoding ip packet headers it did not read any data from the network.
> if there's a preauth sshd zero day, the SSH connections themselves are attack vectors. TCP is easily hijackable.
Hah, I am not that paranoid :-)
My main concern was always this sort of scenario:
I am on vacation with no internet access, an ssh (or openssl or openvpn) 0day is released, patches are not available. Do I come back from vacation to a compromised host? If I had not been using port knocking when the debian ssh key issue happened, I would have had multiple hosts compromised. So, you can call it goofy, but it made a very real difference in my experience.
I had a machine compromised in 2001 by script kiddies and worms scanning the internet on port 22 and compromising any host they could find with CVE-2001-0144. Not by attackers hijacking TCP connections.
In 2016 I am worried about a 0day being released and scripts kiddies or a worm compromising every host they can find running sshd. This effectively happened to debian systems in 2008. I don't know how you can say that it doesn't make sense when it happened.
I just don't understand the threat model that gives attackers the most valuable RCE vulnerability in a decade, but denies them an ability attackers have had since 1996.
Port knocking does not protect you either. A dedicated attacker can wait and discern your knock pattern and if you have an unpatched server, attack it.
In fact, it can give you a false sense of security from such 0-day exploits.
For most of us, the threat is the exact opposite of a dedicated attacker. It's an opportunist (or automated system) that doesn't need to compromise every system on the Internet. It just needs to compromise enough. You can compromise enough for almost any purpose without getting into getting past port knocking schemes.
How does public key authentication protect you from a 0day in sshd or something like the Debian OpenSSL Predictable PRNG key issue?
In a perfect world where there will never be a 0day in sshd or any further weak key issues, but we don't live in a perfect world.
The one time I've ever had one of my linux machines compromised was from CVE-2001-0144.
When the Debian key issue first came out all of my keys were vulnerable. None of my hosts were compromised because I used port knocking.