Velvet Star Monitor


Fail2ban bans not working

Writer Sophia Terry

What exactly does a ban do? I know this is kinda absurd to ask, but still. I know it bans login attempts. But does it prevent banned IPs from attempting successful logins?

I banned a test IP (both manually and purposely failing), yet I can still log in when using the proper user and keys. And as far as I know the jail is enabled.

Also, (bonus question) is having max attempts on zero an overkill?

I ask because I use a key and a known port (not 22) to log in, so either my login is corrupt or I log in successfully. So I don't expect to be attempting unsuccessfully.

3

1 Answer

What exactly does a ban do?

It completely depends on what actions you have enabled in the jail's configuration. The default, however, is to block the IP address through your system firewall (iptables or nft).

With iptables, run iptables-save – this should show you that the main input chain has a jump to the "f2b-sshd" chain, which then has either a basic IP address block or an ipset-based block. (If it's empty, fail2ban did not take any action yet. On the other hand, if you do find a rule, make sure it is blocking the correct TCP port!)

On systems using nft, run nft list ruleset and look for similar rules.

But does it prevent banned IPs from attempting successful logins?

Yes. You don't know whether a login is successful until after it has been attempted.

Also, (bonus question) is having max attempts on zero an overkill?

Yes. (Assuming you mean zero failed attempts, at least.) It doesn't protect you from random bruteforce botnets any better than 3–5 attempts, and it doesn't protect you from dedicated attackers who can easily switch to a new IP address for their next try.

Sooner or later, you will manage to lock yourself out by accidentally using the wrong key (e.g. mixing up personal and work keys), or connecting from a system which has a different local username (and forgetting to specify the right one in the ssh command), or mistyping the SSH key's passphrase.

1
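The check described in the answer (is the IP in the "f2b-sshd" chain, and does the jump into that chain match the right TCP port?) can be automated. The following is an added example, not part of the original answer: the ruleset is constructed sample iptables-save output, port 2222 is a hypothetical sshd port, and only the plain-rule case is handled, not the ipset-based one.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save` output: the jail guards port 22,
# while sshd (an assumption for this example) listens on port 2222.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.45/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
"""

def _opt(tokens, *names):
    """Return the value following the first of `names` found in tokens."""
    for name in names:
        if name in tokens:
            return tokens[tokens.index(name) + 1]
    return None

def _covers(spec, port):
    """True if a --dport/--dports spec (e.g. '22,8000:8100') includes port."""
    if spec is None:            # no port match at all: every port is covered
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if lo.isdigit() and int(lo) <= port <= int(hi or lo):
            return True
    return False

def check_ban(ruleset, ip, port, chain="f2b-sshd"):
    """Report whether `ip` is listed in `chain` and whether INPUT sends
    traffic for `port` through that chain."""
    addr = ipaddress.ip_address(ip)
    listed = jumped = False
    for line in ruleset.splitlines():
        t = shlex.split(line)
        if len(t) < 2 or t[0] != "-A":
            continue
        target = _opt(t, "-j")
        if t[1] == "INPUT" and target == chain:
            jumped = jumped or _covers(_opt(t, "--dports", "--dport"), port)
        elif t[1] == chain and target in ("REJECT", "DROP"):
            src = _opt(t, "-s")
            listed = listed or (src is not None and addr in ipaddress.ip_network(src))
    return {"listed": listed, "port_covered": jumped,
            "blocked": listed and jumped}
```

With the sample ruleset, check_ban(SAMPLE, "203.0.113.45", 2222) reports the IP as listed but not blocked, because the jump into the chain only matches port 22. On a live system, pass the text printed by iptables-save as the ruleset argument.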
