There is a better way to do this, using fail2ban means you have to add an application, and it operates at the application layer.
If you use iptables it is more efficient as it operates at the network layer and you do not have to install an extra application.
Use the iptables recent module http://www.snowman.net/projects/ipt_recent/
iptables -N SSHSCAN
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
iptables -A SSHSCAN -m recent --set --name SSH
iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j LOG --log-level info --log-prefix "SSH SCAN blocked: "
iptables -A SSHSCAN -m recent --update --seconds 300 --hitcount 3 --name SSH -j DROP
iptables -A SSHSCAN -j ACCEPT