
fail2ban is the same as having a high number of rounds on password hashes to slow down attackers, and it takes about 30 seconds to install+configure. it makes a lot more sense than the title here, but is only useful as security-in-depth and can't replace other good practices. high rounds on a password hash is also equally useless if you use "password123" or something like that.

i've also seen significant reductions in idle cpu by using it and sending offenders to the timeout bin for 24h.

thanks for calling me "most uninformed" though.



I wasn't calling you most uninformed; your statement is totally correct. I was referring to any persons who might argue that fail2ban is purely useless as security theater. What I said was that fail2ban is useful as an annoyance/log clutter reducer, but not something that's an actual security measure which would be suitable to protect a poorly-configured sshd.



