But as soon as you find that "PermitRootLogin" can be set to no, then all brute forces become useless since they can't match the combination of user/password.
fail2ban has other uses: it prevents non-root user error (oops, one of your contractors reused a password…), it significantly reduces log noise, and it protects against any future exploit which doesn’t always work on the first 3 tries.
But for my usage it increases memory usage. I'm using it on an OrangePi Zero with 256MB RAM.
Port 22 is open to the world so anyone can join. The device has 2 users - root and jacob. I made a change and disabled root login from WAN. Now I can log in as root from LAN.
Since no one knows that "jacob" exists, I'm saved.
Not necessarily, plenty of people have common / guessable user accounts. For example every one of my servers in the cloud has an account called "user". (All my servers are also key-only authentication, obviously.)