[xaphod]

I hate the praise that fail2ban gets. It is useful, but it is not securing anything really, unless maybe you run a public ssh box that has other users who have bad passwords. It will keep the logs cleaner though. A better way to secure SSH on a web server would be to restrict access by firewall and/or disallow password logins.

[orthecreedence]

Agreed, password SSH logins belong nowhere on a box that needs to be secured. Shared key authentication (with a passworded private key) is a lot more secure.