I like this analysis, but I'm having a hard time seeing the advantage over port-knocking, which could also be randomized using OTP and would never reveal the SSH server to a port scan.

Zero window seems better than a 30 second window.

Excellent points otherwise.