My thinking is that good security configuration makes fail2ban redundant. With password authentication disabled and strong keys, it’s not clear to me what the threat is that fail2ban offers to protect against.
I use it mostly because it simply declutters the logfiles, and it's super easy to set up and has practically no maintenance, so why not?
EDIT: as others have noted here, fail2ban can do much more than just ssh. I also use it for Exim to block all these open-relay-scanners which are polluting the logs.
fail2ban is not only for SSH, but also for HTTP. You have a php website with apache and logs enabled? Fail2ban can ban people if they try to brute force your login page. It's actually quite powerful, but I see it in use less and less.
This. I host a very simple website at home on my Raspberry Pi; maybe 20 regular users. But, I receive a ton of traffic trying to login to PHP admin, nginx scripts, ssh brute force attempts, and on and on... I use fail2ban to ban individual IPs and if I see a lot coming from a particular CIDR range, I'll just block that whole range.
There are a ton of example jails out on GitHub and elsewhere that are easily dropped into your configs.
