Monday, May 6, 2024
5
rated 0 times [  5] [ 0]  / answers: 1 / hits: 12641  / 2 Years ago, tue, july 26, 2022, 2:55:45

Is there a way to automatically block an IP address when a user tries to log in as any invalid username? I already have:



[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 31536000


in /etc/fail2ban/jail.conf



 Answers
4

I cannot help you with fail2ban, but I am using denyhosts quite successfully for exactly this thing. You can tune quite a lot of parameters and it also has a distributed database where you can send and receive other bad hosts.

Here's a more detailed howto:

Install the denyhosts package (sudo apt-get install denyhosts)

Look at the default configuration in /etc/denyhosts.conf; you might be interested in the DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT options.

As for the sync server, it's disabled by default and you will need to enable it by uncommenting the SYNC_SERVER option.

It's also not a bad idea to set the PURGE_DENY option to 1w or something like that in case you block yourself out, so the entry will get purged after one week and you will be able to log in again.


[#32108] Thursday, July 28, 2022, 2 Years  [reply] [flag answer]
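
The per-category thresholds named in the answer above, sketched in Python as an added example (this is not denyhosts' own code and not part of the original answer). The threshold values, sample log lines and function names are assumptions, and a host is denied here as soon as its count reaches the threshold, which may differ from how denyhosts itself counts.

```python
import re
from collections import Counter

# Illustrative values only; the keys stand in for DENY_THRESHOLD_INVALID,
# DENY_THRESHOLD_ROOT and DENY_THRESHOLD_VALID from the answer.
THRESHOLDS = {"invalid": 1, "root": 1, "valid": 5}

# OpenSSH "Failed password" message. The pattern is anchored to the end of
# the line so the address is read from sshd's fixed tail of the message,
# not from the client-supplied username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<inv>invalid user )?(?P<user>.*)"
    r" from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample lines (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Jul 26 02:55:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jul 26 02:55:09 host sshd[1004]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jul 26 02:56:12 host sshd[1010]: Failed password for alice from 192.0.2.10 port 60001 ssh2
Jul 26 02:56:30 host sshd[1011]: Failed password for alice from 192.0.2.10 port 60002 ssh2
Jul 26 02:57:02 host sshd[1015]: Accepted password for alice from 192.0.2.10 port 60003 ssh2
"""


def classify(match):
    """Map one failed login to the threshold category it counts against."""
    if match.group("inv"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"


def hosts_to_deny(log_text, thresholds=THRESHOLDS):
    """Return {ip: [categories]} for hosts whose failures reach a threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            counts[(m.group("ip"), classify(m))] += 1
    denied = {}
    for (ip, kind), n in counts.items():
        if n >= thresholds[kind]:
            denied.setdefault(ip, []).append(kind)
    return denied


if __name__ == "__main__":
    for ip, kinds in sorted(hosts_to_deny(SAMPLE_LOG).items()):
        print(ip, ",".join(kinds))
```

With these values a single attempt on an unknown account or on root is enough to deny the source address, while the two mistyped passwords for the existing user alice stay under the higher threshold for valid accounts.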
ovierman