Installing and using fail2ban is a great way to prevent attacks on SSH but I encountered an unusual problem with it: I sometimes got banned after frequent successful ssh logins. The reason was that I had public key authentication set up for another user on the same host and ssh was trying to use it for all the other accounts before prompting me for a password. The default fail2ban filters consider the “Failed publickey” error in the sshd log file at the same level with a failed password login hence the ban.
To change this behavior I had to edit /etc/fail2ban/filter.d/sshd.conf and change.
^%(__prefix_line)sFailed (?:password|publickey) for .* from (?: port \d*)?(?: ssh\d*)?$
^%(__prefix_line)sFailed password for .* from (?: port \d*)?(?: ssh\d*)?$