Every time I've ever implemented denyhosts or fail2ban in a production environment it has created a guaranteed ticket-stream of unlock requests, password reset requests, requests to change the settings or manage the whitelist, and generally just people who give up logging in to look into things and lean more on the sysadmins for stuff they could do themselves.
Its not a technical problem with either tool per-se, but if your users number in the dozens or greater its going to be a noticable uptick in support workload and frustrated users.
Also, the problem they solve is they reduce your risk of brute force ssh login attacks. Honestly, the risk of that is incredibly small as long as you have even a moderately decent password policy.