knock_seq=$(cat ~/.ssh/knock_seq)
let knock_seq++
echo $knock_seq > ~/.ssh/knock_seq
concat_seq_secret=$(echo -n "${knock_seq}$(cat ~/.ssh/secret)")
sha1_output=$(echo -n $concat_seq_secret | sha1sum -b | awk '{print $1}')
final_output="${sha1_output}${knock_seq}"
host=localhost
knocking_port=$(cat ~/.ssh/knocking_port)
echo -n $final_output | nc -u $host $knocking_port
This should prevent against replays. Throw in some rate limits somewhere maybe to not get DDoSed, especially if you let socat `fork`.