For SSH, all you need is to allow only pubkey authentication. The other stuff, like Fail2ban aren’t necessary. If you want to clean up logs, you can change port number too.
Better yet, use outbound only SSH (with a tool provided by the VPS provider like AWS session manager or third party).