If I’m bruteforcing a server and each time that I try an username/password my IP gets banned but suddenly one combination allows me to do 4-5 test ( any bigger number than previously) you are potentially telling me that this user is different (it exists) than the previous ones. Therefore you are doing the attack easier for me because now I know which users actually exist in the machine. It doesn’t matter if you are locking the attacker after the password was given.
As others told you, using public key auth, non standard ports or even port knocking will be much more useful.
If I’m bruteforcing a server and each time that I try an username/password my IP gets banned but suddenly one combination allows me to do 4-5 test ( any bigger number than previously) you are potentially telling me that this user is different (it exists) than the previous ones. Therefore you are doing the attack easier for me because now I know which users actually exist in the machine. It doesn’t matter if you are locking the attacker after the password was given.
As others told you, using public key auth, non standard ports or even port knocking will be much more useful.