It really depends on the scenario. Are you using one server? Do you manage a bunch of servers here and there for various clients? Are you responsible for corporate servers? All of them have different acceptable approaches to security.

On my on personal servers? Single-packet or port knocking or whatever, it's fun to play around - that's how you learn. At the enterprise? The internet can't ssh to anything - you need VPN access, and not just any but the correct VPN access, and the right credentials on audited machines. There's nothing for outsiders to knock on (except maybe the VPN - but that has auto-lockout and password rotation tied into the enterprise auth system)

If someone wanted to do port knocking or similar for enterprise stuff I think that'd be a staunch "Umm, no"