Now, at last, I can once again access my network from the outside; and this is how I discovered that port-knocking had in effect completely closed all access to gitolite… except if you danced the right port-knocking dance, of course ;-)

To solve this situation, I opened a new port on the server: 2222, and I made OpenSSH listen to this new port in addition to the regular port 22. The lines added to sshd_config are these:
```
# Port 22 must still be listed explicitly elsewhere in the file: once any
# Port directive is present, sshd listens only on the ports named.
Port 2222

# On the unprotected port, only the gitolite account may authenticate.
Match LocalPort 2222
    AllowUsers gitolite
```
The last two lines are necessary, or port-knocking on port 22 becomes useless: if anyone can freely use port 2222, why bother with port-knocking on port 22, right? So OpenSSH will accept connections on both ports, but only gitolite can actually use the unprotected port.
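To make the effect of that fragment concrete, here is a small evaluator (an added example, not part of the post) that models only the three directives it uses: Port, Match LocalPort and AllowUsers. The config text is a constructed copy of the fragment, and the evaluator assumes there is no global AllowUsers line, as in the post; it does not model how sshd merges a global AllowUsers with one inside a Match block.

```python
# Constructed copy of the post's sshd_config fragment. The pre-existing
# "Port 22" line is kept explicitly: once any Port directive appears, sshd
# listens only on the ports listed, so omitting it would silence port 22.
SSHD_CONFIG = """
Port 22
Port 2222
Match LocalPort 2222
    AllowUsers gitolite
"""

# The same fragment with "Port 22" missing, to show that pitfall.
SSHD_CONFIG_NO_22 = SSHD_CONFIG.replace("Port 22\n", "", 1)


def parse(text):
    """Return (listening ports, {local port: users allowed on it}).

    Only Port, Match LocalPort and AllowUsers are understood; a Match block
    extends to the next Match line, as in sshd_config(5).
    """
    ports, per_port = [], {}
    match_port = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        key = key.lower()
        if key == "match":
            crit, _, arg = value.strip().partition(" ")
            if crit.lower() != "localport":
                raise ValueError(f"unsupported Match criterion: {crit}")
            match_port = int(arg)
        elif key == "port":
            ports.append(int(value))
        elif key == "allowusers":
            if match_port is None:
                raise ValueError("global AllowUsers is not modelled here")
            per_port.setdefault(match_port, set()).update(value.split())
    return ports, per_port


def user_allowed(config, user, local_port):
    """Can `user` authenticate on `local_port` under `config`?

    A port without its own AllowUsers admits anyone (who, on port 22,
    still has to get past port-knocking first).
    """
    ports, per_port = parse(config)
    if local_port not in ports:
        return False  # sshd is not listening there at all
    if local_port in per_port:
        return user in per_port[local_port]
    return True
```

On the server itself, `sshd -T -C lport=2222` prints the effective configuration for that listener, which is the authoritative check.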
I sincerely apologize to all the people who tried to access Git on my server and could not because of this. The article on Paperweb has been updated accordingly.