Hi,
I have found that when you disable password authentication in /etc/ssh/sshd_config
PasswordAuthentication no
Fail2ban starts to let IPs go through. In the context of a DoS attack, this means an attacker can send ssh requests to your server without being banned. You can check this yourself: create id_rsa public and private keys and install them on your client. Then disable password authentication in sshd_config. Then go to a device without id_rsa installed, with a different IP just in case, and send as many ssh user@host requests as you want to your server. The IP address will never be banned.
To solve this problem, I have opened /etc/fail2ban/filter.d/sshd.conf
I replaced mode=normal with mode=aggressive
Then, in /etc/fail2ban/jail.local
I replaced filter = sshd with filter = sshd[mode=aggressive]
Then,
service fail2ban restart
Is it the right/only way to do it?
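
The behaviour described in the post above, modelled as an added example (not part of the original post and not fail2ban's own code): with password authentication disabled, a client without a key produces only pre-authentication disconnect messages, so a filter that counts only failed-password lines never reaches the ban threshold. The log lines are constructed, the regexes are simplified stand-ins for the patterns in filter.d/sshd.conf, and maxretry=3 is an assumed threshold.

```python
import re
from collections import Counter

# Constructed sshd messages (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
sshd[1001]: Failed password for root from 198.51.100.7 port 40112 ssh2
sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 40114 ssh2
sshd[1003]: Connection closed by authenticating user root 203.0.113.9 port 51820 [preauth]
sshd[1004]: Connection closed by authenticating user root 203.0.113.9 port 51822 [preauth]
sshd[1005]: Connection closed by 203.0.113.9 port 51824 [preauth]
sshd[1006]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
""".splitlines()

IP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Simplified stand-ins, NOT the regexes shipped in filter.d/sshd.conf.
PATTERNS = {
    "normal": [
        re.compile(rf"Failed \S+ for (?:invalid user )?\S+ from {IP} port \d+"),
    ],
}
# "aggressive" in this model = normal plus pre-authentication disconnects.
PATTERNS["aggressive"] = PATTERNS["normal"] + [
    re.compile(
        rf"Connection closed by (?:(?:authenticating|invalid) user \S+ )?"
        rf"{IP} port \d+ \[preauth\]"
    ),
]

def count_failures(lines, mode):
    """Count matching failure lines per source IP for the given mode."""
    hits = Counter()
    for line in lines:
        for rx in PATTERNS[mode]:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break  # one failure per log line at most
    return hits

def banned(lines, mode, maxretry=3):
    """IPs whose failure count reaches the assumed maxretry threshold."""
    return sorted(ip for ip, n in count_failures(lines, mode).items() if n >= maxretry)

if __name__ == "__main__":
    for mode in PATTERNS:
        print(mode, dict(count_failures(SAMPLE_LOG, mode)), "ban:", banned(SAMPLE_LOG, mode))
```

To check which lines a real installation matches, run fail2ban-regex against the auth log with the installed sshd filter instead of these stand-in patterns.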