[geographomics]

If the port knocking was obscuring an unauthenticated root shell then you would have a good point, but this is a defence in depth measure that adds to the security. It helps because it's one more hurdle for an attacker to bypass.

[lmm]

Layering two actual security measures makes sense. Layering an obscurity measure on a security measure is not really any safer than just having the security measure, just as obscurity alone is not really any safer than nothing.

[geographomics]

It is a security measure, as it involves authentication through the series of knocks. It's a weak security measure on its own, so you obviously wouldn't want to rely on port knocking by itself, but it does have utility in preventing an attacker from discovering the service through a simple port scan.

I don't quite understand why you're saying it adds nothing at all.

[ethbro]

In essence, it's the same argument as "everyone should use encryption, even if it's barely non-trivial for state-level actors to break."

You're not defending against the attacker who is targeting you with this. You're defending against the attacker who is targeting "anyone who is trivially accessible."