Now, at last, I can once again access my network from the outside; and this is how I discovered that port-knocking had in effect completely closed all access to gitolite… except if you danced the right port-knocking dance, of course.
To solve this situation, I opened a new port on the server: 2222, and I made OpenSSH listen to this new port in addition to the regular port 22. The lines added to sshd_config are these:
Match LocalPort 2222
The last two lines are necessary, or port-knocking on port 22 becomes useless: if anyone can freely use port 2222, why bother with port-knocking on port 22, right? So OpenSSH will accept connections on both ports, but only gitolite can actually use the unprotected port.
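The check below is an added example, not code from this post: it audits an sshd_config for ports that are open without port-knocking and have no Match LocalPort block limiting who may log in. The sample configuration is constructed; the account name git, the AllowUsers and PasswordAuthentication directives, and the function names are assumptions, and the set of knock-protected ports is passed in by the caller because firewall rules are not part of sshd_config.

```python
# Added example (not the author's code): flag sshd ports reachable without
# port-knocking that have no "Match LocalPort" block restricting who may log in.

# Constructed sample. The account name "git" and the two directives under
# Match are assumptions; only the Match line itself appears on the page.
SAMPLE_CONFIG = """\
Port 22
Port 2222
Match LocalPort 2222
    AllowUsers git
    PasswordAuthentication no
"""

def parse_sshd_config(text):
    """Return (listening ports, {port: accounts/groups allowed by a Match block})."""
    ports, restricted, current = [], {}, []
    for raw in text.splitlines():
        tokens = raw.strip().split()
        if not tokens or tokens[0].startswith("#"):
            continue
        keyword, args = tokens[0].lower(), tokens[1:]  # keywords are case-insensitive
        if keyword == "port" and args:
            ports.append(int(args[0]))
        elif keyword == "match":
            # Count only blocks whose sole criterion is LocalPort: they apply
            # to every connection arriving on that port.
            current = []
            if len(args) == 2 and args[0].lower() == "localport":
                current = [int(p) for p in args[1].split(",") if p.isdigit()]
        elif keyword in ("allowusers", "allowgroups"):
            for port in current:
                restricted.setdefault(port, []).extend(args)
    return (ports or [22]), restricted  # sshd listens on 22 when no Port is given

def exposed_ports(text, knock_protected):
    """Ports open without knocking and without a per-port login restriction."""
    ports, restricted = parse_sshd_config(text)
    return [p for p in ports if p not in knock_protected and p not in restricted]

if __name__ == "__main__":
    # Port 22 is the one guarded by port-knocking in the firewall.
    print("restricted as intended:", exposed_ports(SAMPLE_CONFIG, {22}))
    without_match = "Port 22\nPort 2222\n"
    print("missing Match block:", exposed_ports(without_match, {22}))
```

Ports declared only through ListenAddress and restrictions set globally rather than inside a Match block are not considered by this check.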
I sincerely apologize to all the people who tried to access Git on my server and could not because of this. The article on Paperweb has been updated accordingly.