
Everyone should do key-based auth anyway - so I don't even see a use for fail2ban anymore in the context of SSH.


Yes, everyone should use key-based authentication. What fail2ban and other firewall-styled security measures do is move the point of contact on your network.

1 - You want to limit the number of times that SSHD initializes the connection handshake; this initialization period is when/where 0-day exploits can get through.

2 - With active auditing you can add the banned IPs to your edge device. Odds are that a legitimate IP won't be trying to SSH into your systems, so block everything from them. I go one step further and share that banned IP list on all my edge devices.
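As an added example, not code from this thread or from fail2ban itself, here is the kind of active auditing the comment above describes: sshd authentication failures are counted per source IP inside a sliding window, and the resulting ban list is rendered as a set an edge device could consume. The log lines, the `bastion` host name, the TEST-NET addresses and the nftables-style set syntax are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the two sshd failure lines fail2ban's sshd filter keys on;
# key-based logins ("Accepted publickey ...") deliberately do not match.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

# Constructed sample log (TEST-NET addresses, not real hosts).
SAMPLE_LOG = """\
Mar 13 10:00:01 bastion sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
Mar 13 10:00:03 bastion sshd[1002]: Failed password for root from 203.0.113.7 port 50114 ssh2
Mar 13 10:00:04 bastion sshd[1003]: Invalid user oracle from 203.0.113.7 port 50116
Mar 13 10:00:06 bastion sshd[1004]: Failed password for invalid user oracle from 203.0.113.7 port 50116 ssh2
Mar 13 10:00:09 bastion sshd[1005]: Failed password for root from 203.0.113.7 port 50118 ssh2
Mar 13 10:00:10 bastion sshd[1006]: Accepted publickey for deploy from 198.51.100.9 port 40000 ssh2: ED25519 SHA256:constructed
Mar 13 10:00:15 bastion sshd[1007]: Failed password for deploy from 198.51.100.9 port 40002 ssh2
Mar 13 10:05:00 bastion sshd[1008]: Failed password for root from 203.0.113.50 port 60000 ssh2
Mar 13 10:08:00 bastion sshd[1009]: Failed password for root from 203.0.113.50 port 60002 ssh2
Mar 13 10:11:00 bastion sshd[1010]: Failed password for root from 203.0.113.50 port 60004 ssh2
Mar 13 10:14:00 bastion sshd[1011]: Failed password for root from 203.0.113.50 port 60006 ssh2
Mar 13 10:17:00 bastion sshd[1012]: Failed password for root from 203.0.113.50 port 60008 ssh2
"""

def parse_failures(lines, year=2024):
    """Yield (timestamp, source_ip) for every authentication failure."""
    for line in lines:
        m = FAIL_RE.match(line)
        if m:  # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def find_bans(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Ban an IP once it has `maxretry` failures inside a sliding `findtime` window."""
    recent = defaultdict(list)
    banned = set()
    for ts, ip in parse_failures(lines):
        recent[ip] = [t for t in recent[ip] if ts - t <= findtime] + [ts]
        if len(recent[ip]) >= maxretry:
            banned.add(ip)
    return sorted(banned)

def edge_ruleset(banned, set_name="ssh_banned"):
    """Render the shared ban list as an nftables-style set for an edge device (illustrative syntax)."""
    return f"set {set_name} {{ type ipv4_addr; elements = {{ {', '.join(banned)} }} }}"
```

With the defaults only 203.0.113.7 is banned: 203.0.113.50 also fails five times, but spread over twelve minutes, so it never reaches five inside the ten-minute window, and the successful publickey login is not counted at all.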


spiped is not an exclusive or to key-based auth. I advise using spiped + key-based authentication.

spiped also allows for circumventing zero-day attacks on openssh.


On smallish servers it can keep the logs human-browsable without filtering. Not necessary, but nice.



