diff --git a/defaults/main.yml b/defaults/main.yml index 87fd492..6c40e1e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -63,5 +63,7 @@ sshd__allowed_groups: - "admins" sshd__xforwarding: True +sshd__state: present # use latest for upgrading + # perform simple version check for this role? (true is recomended) submodules_versioncheck: false diff --git a/handlers/main.yml b/handlers/main.yml index 44e4115..e8f3bb5 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,5 +1,5 @@ --- -- name: systemctrl restart ssh +- name: systemctl restart ssh become: yes service: name: "{{ sshd__service }}" diff --git a/tasks/keys.yml b/tasks/keys.yml new file mode 100644 index 0000000..30d1e8e --- /dev/null +++ b/tasks/keys.yml @@ -0,0 +1,43 @@ +--- +- name: Generate new ssh host key pair if necessary + become: yes + command: ssh-keygen -t ecdsa -f 'ssh_host_{{ item }}_key' -P '' -q + args: + chdir: '/etc/ssh/' + creates: 'ssh_host_{{ item }}_key.pub' + notify: + - systemctl restart ssh + with_items: "{{ sshd__key_types }}" + when: + - sshd__manage_key_types | bool + +- name: Remove unwanted host keys + become: yes + file: + path: '/etc/ssh/ssh_host_{{ item }}_key' + state: absent + with_items: + - rsa + - dsa + notify: + - systemctl restart ssh + +- name: make sure the correct keys are available + file: + path: '/etc/ssh/ssh_host_{{ item }}_key' + state: absent + become: yes + with_items: + - "{{ sshd__key_types_list | difference( sshd__key_types ) }}" + notify: + - systemctl restart ssh + +- name: make sure the correct pubkeys are available + file: + path: '/etc/ssh/ssh_host_{{ item }}_key.pub' + state: absent + become: yes + with_items: + - "{{ sshd__key_types_list | difference( sshd__key_types ) }}" + notify: + - systemctl restart ssh diff --git a/tasks/main.yml b/tasks/main.yml index 02c64e2..a1f1197 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
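Review bot: In tasks/keys.yml the generate task hard-codes `-t ecdsa`, so every entry of `sshd__key_types` other than ecdsa is created as an ECDSA key stored under a filename that claims another type; the key type should follow the loop item, `command: ssh-keygen -t {{ item }} -f 'ssh_host_{{ item }}_key' -P '' -q`. The "Remove unwanted host keys" task then deletes the rsa and dsa private keys unconditionally and leaves their `.pub` files in place, so if `rsa` is listed in `sshd__key_types` the `creates:` guard of the generate task sees the surviving public key and never restores the private half. The two difference-based removal tasks below already cover types that are not wanted, so this task looks redundant and can be dropped, or at least guarded with `when: item not in sshd__key_types`. Note also that only the generate task honours `sshd__manage_key_types`; the three removal tasks run regardless, so the flag does not actually stop the role from deleting host keys.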
@@ -2,6 +2,12 @@ - include_tasks: versioncheck.yml when: submodules_versioncheck|bool +- name: Gather the package facts + package_facts: + manager: auto + +- include_tasks: packages.yml + - name: set sshd_service variable block: - name: read os specific variable @@ -15,48 +21,12 @@ sshd__allowed_users: '{{ sshd__allowed_users + users.keys() | default({}) | sort }}' sshd__allowed_groups: '{{ sshd__allowed_groups + users.keys() | default({}) | sort }}' -- name: Generate new ssh host key pair if necessary - become: yes - command: ssh-keygen -t ecdsa -f 'ssh_host_{{ item }}_key' -P '' -q - args: - chdir: '/etc/ssh/' - creates: 'ssh_host_{{ item }}_key.pub' - notify: - - systemctrl restart ssh - with_items: "{{ sshd__key_types }}" - when: - - sshd__manage_key_types | bool +- name: "get package version of {{ sshd__package }}" + debug: + msg: "{{ ansible_facts.packages[sshd__package][0].version }}" + when: "'{{ sshd__package }}' in ansible_facts.packages" -- name: Remove unwanted host keys - become: yes - file: - path: '/etc/ssh/ssh_host_{{ item }}_key' - state: absent - with_items: - - rsa - - dsa - notify: - - systemctrl restart ssh - -- name: make sure the correct keys are available - file: - path: '/etc/ssh/ssh_host_{{ item }}_key' - state: absent - become: yes - with_items: - - "{{ sshd__key_types_list | difference( sshd__key_types ) }}" - notify: - - systemctrl restart ssh - -- name: make sure the correct pubkeys are available - file: - path: '/etc/ssh/ssh_host_{{ item }}_key.pub' - state: absent - become: yes - with_items: - - "{{ sshd__key_types_list | difference( sshd__key_types ) }}" - notify: - - systemctrl restart ssh +- include_tasks: keys.yml - name: Copy sshd configuration become: yes @@ -69,4 +39,4 @@ validate: /usr/sbin/sshd -t -f %s backup: yes notify: - - systemctrl restart ssh + - systemctl restart ssh diff --git a/tasks/packages.yml b/tasks/packages.yml new file mode 100644 index 0000000..54f2319 --- /dev/null +++ b/tasks/packages.yml 
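Review bot: `- include_tasks: packages.yml` is placed before the `set sshd_service variable` block, but `sshd__package` only exists in the per-OS vars files added in this commit, so if, as its name suggests, the `read os specific variable` task is what loads vars/sshd_<os>.yml, the install task runs with `sshd__package` undefined and fails; move the include below that block (the block itself continues outside the hunk). The `package_facts` task also runs before anything is installed, so on a host where this run installs or upgrades openssh-server, `ansible_facts.packages` still reflects the pre-install state for the rest of the play.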
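Review bot: The `when` on the new debug task nests `{{ }}` inside what is already a Jinja expression (`when: "'{{ sshd__package }}' in ansible_facts.packages"`); ansible-lint flags this and the string quoting makes the test fragile. Write it as `when: sshd__package in ansible_facts.packages`. The version it prints comes from the facts gathered at the top of the file, i.e. before packages.yml ran, so after a fresh install the task is skipped and after an upgrade with `latest` it reports the old version; re-gather `package_facts` after the install if the message is meant to be accurate.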
@@ -0,0 +1,6 @@ +--- +- name: "install {{ sshd__package }}" + become: true + package: + name: "{{ sshd__package }}" + state: "{{ sshd_state }}" diff --git a/vars/main.yml b/vars/main.yml index d50c765..6d468fd 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,3 @@ --- -playbook_version_number: 2070 # should be over ninethousand +playbook_version_number: 2075 # should be over ninethousand playbook_version_path: 'role-sshd_chaos-bodensee_github.com.version' diff --git a/vars/sshd_archlinux.yml b/vars/sshd_archlinux.yml index f866ea5..3373e3b 100644 --- a/vars/sshd_archlinux.yml +++ b/vars/sshd_archlinux.yml @@ -8,3 +8,5 @@ sshd__key_types_list: sshd__xauth: - xorg-xauth + +sshd__package: 'openssh-server' diff --git a/vars/sshd_centos.yml b/vars/sshd_centos.yml index f866ea5..3373e3b 100644 --- a/vars/sshd_centos.yml +++ b/vars/sshd_centos.yml @@ -8,3 +8,5 @@ sshd__key_types_list: sshd__xauth: - xorg-xauth + +sshd__package: 'openssh-server' diff --git a/vars/sshd_debian.yml b/vars/sshd_debian.yml index cc115de..b54947f 100644 --- a/vars/sshd_debian.yml +++ b/vars/sshd_debian.yml @@ -8,3 +8,5 @@ sshd__key_types_list: sshd__xauth: - xorg-xauth + +sshd__package: 'openssh-server' diff --git a/vars/sshd_default.yml b/vars/sshd_default.yml index cc115de..b54947f 100644 --- a/vars/sshd_default.yml +++ b/vars/sshd_default.yml @@ -8,3 +8,5 @@ sshd__key_types_list: sshd__xauth: - xorg-xauth + +sshd__package: 'openssh-server' diff --git a/vars/sshd_fedora.yml b/vars/sshd_fedora.yml index f866ea5..3373e3b 100644 --- a/vars/sshd_fedora.yml +++ b/vars/sshd_fedora.yml @@ -8,3 +8,5 @@ sshd__key_types_list: sshd__xauth: - xorg-xauth + +sshd__package: 'openssh-server'
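Review bot: `state: "{{ sshd_state }}"` references a single-underscore variable, while the default added to defaults/main.yml in this commit is `sshd__state`; unless `sshd_state` is defined somewhere outside the diff, this task fails with an undefined variable on every host. The line should read `state: "{{ sshd__state }}"`. Once the default is switched to `latest` as the comment suggests, this task can upgrade sshd without informing the `systemctl restart ssh` handler; if a restart after upgrade is intended, add `notify: - systemctl restart ssh` here rather than relying on the package scripts.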
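Review bot: In vars/sshd_archlinux.yml, `sshd__package: 'openssh-server'` does not match Arch Linux packaging, where the OpenSSH server ships in the `openssh` package (to my knowledge there is no `openssh-server` in the official repositories), so the new install task in tasks/packages.yml will fail on Arch hosts; use `sshd__package: 'openssh'` here. The file has the same blob ids as vars/sshd_centos.yml and vars/sshd_fedora.yml, which is consistent with the value having been copied across without adjusting it per distribution.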