Here, most geeks would wax lyrical about the relative strengths of different encryption schemes and algorithms.
Being a simpler mind, I prefer a different metric for how good your scheme is, or effectivness of obfuscation (also see entropy:
How many bytes does a would-be intruder have to get exactly right?
| Authentication method | Number of bytes |
|---|---|
| Password | Password length (varies, how long is yours?) |
| Alternate Port | Port number (2 bytes, it's a 16 bit value, remember) |
| Port Knocking | Number of ports in sequence * 2 (still a 16 bit value) |
| Single Packet Authentication | 2 bytes (the port) plus Max 1440 (IPv4/Ethernet) or 1220 (IPv6/Ethernet) |
| Key Only | Number of bytes in key (depending on key strength, up to several kB) |
You can of course combine several methods (and piss off your users), or use two factor authentication (OpenSSH supports several schemes).