diff --git a/ssh-server/tasks/main.yml b/ssh-server/tasks/main.yml
index cd13d30bfb29945efe1e51bc8da1f76d27ff1b67..554387027889ad4f45a7df1b2011be25beef8bf2 100644
--- a/ssh-server/tasks/main.yml
+++ b/ssh-server/tasks/main.yml
@@ -38,6 +38,18 @@
   tags:
     - ssh
 
+- name: ensure ssh is configured
+  template:
+    src: ssh_config.j2
+    dest: /etc/ssh/ssh_config
+    owner: root
+    group: root
+    mode: '0644'
+    backup: true
+  when: debian_version != "jessie"
+  tags:
+    - ssh
+
 - name: ensure standard pam configuration for sshd
   copy:
     src: pam/sshd
diff --git a/ssh-server/templates/ssh_config b/ssh-server/templates/ssh_config.j2
similarity index 98%
rename from ssh-server/templates/ssh_config
rename to ssh-server/templates/ssh_config.j2
index 3810e13d739e15cf0404b417eb3a3a193ac90e6b..4fefb09b7ecb32778c7e536f5c9582f930ef9859 100644
--- a/ssh-server/templates/ssh_config
+++ b/ssh-server/templates/ssh_config.j2
@@ -52,3 +52,4 @@ Host *
     HashKnownHosts yes
     GSSAPIAuthentication yes
     GSSAPIDelegateCredentials no
+    VerifyHostKeyDNS yes