We're seeing on a few of our servers - and sometimes it's only
occasionally on some of those - where fail2ban's running happily, AFAIK,
but there's an attack (from China, Brazil, etc) on ssh, and they don't
seem to be banned; I see many, many sorries for wrong username or
It *seems* to work again once restarted.
CentOS mailing list