
I mean, you could - it's not going to make things less secure to add port knocking - but I don't know that it makes things significantly more secure. The chances of there being public 0day exploits for a VPN and SSHD at the same time are pretty much zero, especially if you add in additional layers such as 2FA (which I would recommend doing).

If someone is burning multiple private 0day exploits to target you then they are attackers at the level where port knocking is not likely to foil them either.

(And to be clear, I just think that port knocking is a bit silly - not that it's totally ineffective, and it's not what I would call security through obscurity, since it is effectively another auth factor with a simple PIN)


