As far as Fail2ban goes, using it to lock the door is good, but removing the door entirely is better.
Fail2ban is useful for limiting failed access attempts, but closing the SSH port altogether limits attack pathways to only trusted parties in the first place — assuming SSH isn’t meant to be publicly accessible.
There are many modern technology options for enabling private access without needing to open firewall ports, many are listed at https://zerotrustnetworkaccess.info
Of these, mesh overlay networks appear to be gaining the most traction lately, especially among the HN crowd.