by macNchz 4540 days ago
A glance at the logs and it looks like our dedicated servers are fail2banning IPs at pretty much the normal background level—i.e. a fairly steady stream of mostly Chinese addresses all day long.

I would like to take this opportunity to air my grievances regarding fail2ban.

I'm not a security researcher, but fail2ban appears to be a log prettifier instead of an actual security apparatus, as it doesn't actually prevent anyone from logging into your box. Unless you've configured fail2ban to ban IPs after 1 failed attempt, if you don't have a secure password or any other such basic security measures, you are still at risk of getting pwned.

Instead of taking the time with fail2ban, I personally just make sure everyone uses passphrased SSH keys, or use a strong password in conjunction with a YubiKey or 2-factor authentication and call it a day.