diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 64d0208..49c7a35 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -61,6 +61,7 @@ global_ssh_key_directory: "{{ global_public_key_directory }}/ssh"
 global_ssh_host_key_directory: "{{ global_ssh_key_directory }}/hosts"
 global_validate_shell_script: "/usr/bin/shellcheck %s" # TODO add "--format="
+global_validate_sshd_config: "/usr/sbin/sshd -t -f %s"
 global_validate_sudoers_file: "/usr/sbin/visudo -c -f %s"
 global_wireguard_private_directory: "{{ global_credentials_directory }}/wireguard"
diff --git a/roles/common/tasks/sshd.yml b/roles/common/tasks/sshd.yml
index 136bf95..f40f016 100644
--- a/roles/common/tasks/sshd.yml
+++ b/roles/common/tasks/sshd.yml
@@ -35,6 +35,7 @@
 owner: root
 group: root
 mode: "u=rw,g=r,o=r"
+ validate: "{{ global_validate_sshd_config }}"
 notify: reassemble sshd config
 - name: Upload main ssh_config
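Review bot: The new `global_validate_sshd_config` entry carries no comment on what `sshd -t` covers, and that matters for anyone reusing it. Test mode checks host key sanity as well as configuration syntax, so the command can reject a correct file on a host whose host keys have not been generated yet (and, on some distributions, when the privilege-separation directory is missing). I would add a line above the variable such as `# sshd -t also checks host keys; only usable once host keys exist on the target`.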
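Review bot: The added `validate:` checks only the single file this task uploads, while the `notify: reassemble sshd config` line directly below it suggests that file is a fragment and the daemon reads an assembled result. If so, a problem that only appears after assembly (conflicting directives across fragments, or a `Match` block in one fragment capturing the directives of the next) is not caught here, and a lone fragment may pass or fail for reasons unrelated to the final file. I would also put `validate: "{{ global_validate_sshd_config }}"` on the assemble step in that handler, assuming it uses a module that accepts `validate`, so a bad combination is rejected before it replaces the live config. The task begins above the hunk and the handler is not shown, so this is inferred from the handler name.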