
> It has the benefit of banning bots that hammer your SSH trying to log in. Even if password auth is disabled.

You can use the built-in firewall for that (`ufw limit ssh`).

> I've had friends that set up a small VPS and they've been hammered by bots, which can use a lot of resources on a £5/£10 VPS.

`ufw limit ssh` solves this as well: performant, efficient, nothing needed other than the built-in firewall. If you are targeted by a botnet, fail2ban will solve nothing.

> Good security is about having multiple layers of defense. Fail2Ban protection is one of those layers.

Let me quote again the readme of fail2ban: "Set up services to use only two factor, or public/private authentication mechanisms if you really want to protect services."

True defense in depth means choosing effective layers, not putting arbitrary layers on top of each other. Defense in depth doesn't mean every possible layer is good.

You want layers that meaningfully improve your security posture without adding unnecessary complexity or false confidence.


