I don't like it because it opens up the possibility of someone on the same network as me locking me out of my own server.
Sure, it's unlikely, but I don't see what I'd be gaining using fail2ban in the first place. I don't leave password authentication enabled, of course.
Log spam is a bit annoying, but at the end of the day, who cares? Even with the ongoing attempts, my authlog is like 300K uncompressed today and 60-120K per day gzipped. Whatever.
If I cared about that I would prefer to just block Chinese IP ranges outright.
Sure. But why? We're talking about 1MB to keep a week's worth of logs. It's just not worth even a minor hassle, or the most remote possibility of failure.
True, but having supported an sftp server for other b2b clients to upload data, ssh keys are black magic to too many people. I can't count the hours I've spent trying to explain them, how to generate them and why you should never "show anyone your privates", just your publics.
I never had an issue with authentication. My issue was a typo in sudoers (I allowed a user to view syslog, iirc, and had a semicolon instead of a colon) that prevented me from using sudo, as only my primary user was allowed to log in via ssh. Fortunately cloud vps still has vnc login, and I actually had a root password. Now I use a root shell to edit sudoers, so I can test it before dropping root.