Kind of a side point, but while I used to use fail2ban, these days I prefer to just set up ssh with key-only authentication. Then it doesn’t really matter whether someone makes 3 or 300 failed ssh logins a day, since they aren’t going to run any kind of successful dictionary attack.
I have SSH configured for key-only authentication, but I’m still annoyed at seeing my auth.log fill up so quickly!
Hah true, I’ve seen fail2ban sometimes referred to as a log sanitizer.
Hehe. Another reason I like to run sshd on a non-default port - not for security through obscurity but to prevent all the noise in my logs! ;) Well, that and the fact that access to port 443 is almost never blocked by $client firewalls, unlike 22…