by tomrod 2339 days ago
Fascinating! I learned about fail2ban this week as well as how to search for bad SSH actors -- I was amazed at the traffic requests my Linode was getting decked with.

Having this as a default seems good.


Spurious SSH traffic is not a DoS, and isn't the sort of attack this is talking about; rather volumetric floods and things of that matter.
If your SSH logins are key-only (and they should be) then fail2ban is unnecessary IMO. No one is going to gain access without your private key, and while it's a nice feeling that the bad actors are "blocked" - fail2ban is using more resources to block them than their attempts are using.

Assuming you aren't getting 1000s per minute, of course.

I was on this step. After some time you'll hate fail2ban. A big part of attacks comes from hacked "regular desktops"; by blocking their IP permanently you will block access for legitimate (and non-hacked) users, as providers often change users' IPs.
Fail2ban (and IP blocking in general) breaks down a bit on IPv6 when the attacker has a /48 or /64. Are you going to block a single IP address or the whole netblock? What size block is safe to not cause collateral damage for e.g. mobile users?
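An added example (not code from the thread or from fail2ban itself) of the counting logic these comments argue about: a fail2ban-style sliding window over constructed sshd log lines that counts IPv4 failures per address and IPv6 failures per /64 (the prefix is a parameter, so you can see what a /48 choice does), and hands out bans with a finite bantime rather than a permanent block. `ban_key` and `find_bans` are hypothetical names chosen here.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
# Matches sshd's failed-login line (sample lines below are constructed).
FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed (?:password|publickey) for (?:invalid user )?\S+ "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)

def ban_key(ip_str, v6_prefix=64):
    """Hypothetical helper: the unit a failure counts against. IPv4 per address,
    IPv6 per enclosing /64 so one host with a whole /64 can't dodge the count."""
    ip = ip_address(ip_str)
    prefix = 32 if ip.version == 4 else v6_prefix
    return str(ip_network(f"{ip}/{prefix}", strict=False))

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10),
              bantime=timedelta(hours=1), v6_prefix=64):
    """fail2ban-style sliding window: maxretry failures from one key within
    findtime earn a ban that expires after bantime. Returns {key: expiry}."""
    recent = defaultdict(list)   # key -> timestamps of failures still in window
    bans = {}
    for line in lines:
        m = FAIL_RE.search(line)
        if not m:
            continue
        # syslog stamps carry no year; strptime fills in 1900, fine for deltas
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        key = ban_key(m.group("ip"), v6_prefix)
        if key in bans and bans[key] > ts:
            continue                          # still banned; nothing to count
        recent[key] = [t for t in recent[key] if ts - t <= findtime] + [ts]
        if len(recent[key]) >= maxretry:
            bans[key] = ts + bantime
            recent[key] = []
    return bans

SAMPLE_LOG = [  # constructed sample lines, not from a real host
    "Mar  4 10:00:01 host sshd[111]: Failed password for root from 203.0.113.9 port 40001 ssh2",
    "Mar  4 10:00:05 host sshd[112]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2",
    "Mar  4 10:00:09 host sshd[113]: Failed password for root from 203.0.113.9 port 40003 ssh2",
    "Mar  4 10:01:00 host sshd[114]: Failed password for root from 2001:db8:1:2::10 port 50001 ssh2",
    "Mar  4 10:01:03 host sshd[115]: Failed password for root from 2001:db8:1:2::20 port 50002 ssh2",
    "Mar  4 10:01:06 host sshd[116]: Failed password for root from 2001:db8:1:2::30 port 50003 ssh2",
    "Mar  4 10:30:00 host sshd[117]: Failed password for root from 198.51.100.7 port 60001 ssh2",
    "Mar  4 10:45:00 host sshd[118]: Failed password for root from 198.51.100.7 port 60002 ssh2",
]
```

The three IPv6 hosts are counted as one /64 and banned together, while the slow attempts from 198.51.100.7 fall outside findtime and never reach maxretry.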