Knock knock
It seems I was the only one not to know about something that requires a gigantic effort in self-discipline to restrain the geeky part of me from drooling all over the keyboard: port knocking.
Now, what is port knocking, in case you missed the train just like I did?
As Martin Krzywinski himself puts it, port knocking is a method of establishing a connection to a networked computer that has no open ports.
Before a connection is established, ports are opened using a port knock sequence, which is a series of connection attempts to closed ports.
In case it's not that self-evident, let's say it again: your firewall is blocking all access to the target box: no SSH, no HTTPD, no anything. Your box is a dead box as far as port scanning goes.
But: by knocking on a set sequence of closed ports, you can trigger a response from the port knocking daemon, which sits watching the firewall. If the daemon recognizes your knock, and possibly your IP, it instructs the firewall to open up one or more ports and you can happily establish a connection.
Rather obviously, another knock sequence may be used to close down the door(s).
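To make the mechanism concrete, here is an added example (not code from the original post or from portknocking.org) of the sequence-recognition logic such a daemon needs, written in Python over constructed firewall drop-log lines. The knock ports, the protected port, the time window, the simplified log format and the iptables commands are all assumptions chosen for the illustration:

```python
"""Toy port-knocking daemon logic (added example, not from the post).

Feeds firewall drop-log entries through a per-source sliding window and
reports when a knock sequence completes. Firewall commands are returned
as strings, never executed.
"""
import re
from collections import defaultdict, deque

# Assumed knock sequences and the action each one triggers.
SEQUENCES = {
    (7000, 8000, 9000): "open",   # open the protected port for the knocking IP
    (9000, 8000, 7000): "close",  # the reverse sequence closes it again
}
PROTECTED_PORT = 22  # assumed: the service hidden behind the knocks
WINDOW = 10          # seconds: a whole sequence must arrive within this window

# Constructed sample log in a simplified "<epoch> DROP SRC=<ip> DPT=<port>" format.
SAMPLE_LOG = """\
1000 DROP SRC=203.0.113.5 DPT=7000
1001 DROP SRC=203.0.113.5 DPT=8000
1002 DROP SRC=203.0.113.5 DPT=9000
1003 DROP SRC=198.51.100.9 DPT=7000
1004 DROP SRC=198.51.100.9 DPT=9000
1005 DROP SRC=198.51.100.9 DPT=8000
1020 DROP SRC=192.0.2.77 DPT=7000
1040 DROP SRC=192.0.2.77 DPT=8000
1041 DROP SRC=192.0.2.77 DPT=9000
1100 DROP SRC=203.0.113.5 DPT=9000
1101 DROP SRC=203.0.113.5 DPT=8000
1102 DROP SRC=203.0.113.5 DPT=7000
"""

LINE_RE = re.compile(r"^(?P<ts>\d+) DROP SRC=(?P<src>\S+) DPT=(?P<dpt>\d+)$")


def parse_line(line):
    """Return (timestamp, source_ip, dest_port) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return int(m["ts"]), m["src"], int(m["dpt"])


class KnockDaemon:
    def __init__(self, sequences=SEQUENCES, window=WINDOW):
        self.sequences = sequences
        self.window = window
        self.longest = max(len(s) for s in sequences)
        self.recent = defaultdict(deque)  # source ip -> deque of (ts, port)

    def knock(self, ts, src, port):
        """Record one connection attempt; return the action it completes, or None."""
        q = self.recent[src]
        # Forget knocks that fell outside the window; a stale partial sequence
        # (e.g. 192.0.2.77 above) must not be completed minutes later.
        while q and ts - q[0][0] > self.window:
            q.popleft()
        q.append((ts, port))
        # Only the tail of the history can matter, so bound its length.
        while len(q) > self.longest:
            q.popleft()
        ports = tuple(p for _, p in q)
        for seq, action in self.sequences.items():
            if len(ports) >= len(seq) and ports[-len(seq):] == seq:
                q.clear()  # a completed sequence must not fire twice
                return action
        return None


def firewall_rule(src, action, port=PROTECTED_PORT):
    """The iptables command the daemon would issue for this action (shown, not run)."""
    flag = "-I" if action == "open" else "-D"
    return f"iptables {flag} INPUT -s {src} -p tcp --dport {port} -j ACCEPT"


def run(log_text, daemon=None):
    """Replay a log through the daemon; return [(ts, src, action), ...]."""
    daemon = daemon or KnockDaemon()
    events = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, port = parsed
        action = daemon.knock(ts, src, port)
        if action:
            events.append((ts, src, action))
    return events


if __name__ == "__main__":
    for ts, src, action in run(SAMPLE_LOG):
        print(ts, src, action, "->", firewall_rule(src, action))
```

On the sample log only 203.0.113.5 gets the door opened (at 1002) and closed again (at 1102): 198.51.100.9 knocks the right ports in the wrong order, and 192.0.2.77 lets the window expire between its first and second knock. Two things worth keeping in mind when running something like this for real: the rule opens the port only for the knocking source address, and the knock sequence itself travels in the clear, so a fixed sequence can be observed and replayed by anyone on the path. It is a gate in front of the service's own authentication, not a substitute for it.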
Just add this to your tome of arcane *nix knowledge; it may come in handy.
Port knocking web site
www.portknocking.org
Wikipedia entry
en.wikipedia.org/wiki/Port_knocking