> It should trigger fail2ban, that's for sure.

But people here are going to explain that fail2ban is security theater...

I am one of the people who see fail2ban as a nuisance for the average administrator. Average means that they know things on average and sooner or later fail2ban will block unexpectedly. Usually when you are away canoeing in the wilderness.

This is all a matter of threat and risk management. If you know what you are doing then fail2ban or portknocking is another layer on your security.

Security theater in my opinion is something else: nonsense password policies, hiding your SSID, whitelisting MACs, ...

It's a doorstop, not a fix. Useful nonetheless.

Can you link to any comment in this thread of someone actually claiming that?