We got both a pcap dump and a SSH-certificate to connect to a server.

Looking into the pcap shows some TCP packets looking like a port knock, but according to the challenge description they only monitored ports 20-1024. Anyway the sequence clearly looked like Fibonacci, so we simply extended the ports we knock to: 1 1 2 3 5 8 13 21 34 55 89 144 233 377 610 987 1597 2584 4181 6765 10946 17711 28657 46368.

After knocking we simply connected and got the flag.