Fwknop uses Single Packet Authorization. The idea is to ask the server to open port 22 once a secret password is provided.
In this fashion, port 22 is effectively disabled until someone "knocks". This extra layer of security would make 0-day exploits much more difficult.
It would be great if port-knocking could be added into existing SSL-based software.