diff --git a/manifests/ssh/config/sshd.pp b/manifests/ssh/config/sshd.pp index af457f2afd5784eab084555f58af38200cb69ba9..a9bf157014ea02aee3dce81796f97b5b5a2a668b 100644 --- a/manifests/ssh/config/sshd.pp +++ b/manifests/ssh/config/sshd.pp @@ -1,6 +1,6 @@ # Create the sshd configuration. -# listen_addresses: If you want to restrict the ssh service to listen only at +# $listen_addresses: If you want to restrict the ssh service to listen only at # certain addresses, specify with this parameter. Enter them as a # comma-delimited list. # @@ -14,6 +14,9 @@ # omitted from the sshd configuration file (which is equivalent to having # sshd listen at _all_ addresses). # +# $listen_ports: a comma-delimited list of ports to listen to. Defaults to +# "22". Example: "22,44". +# # If you want to allow root to log in with a password, set # rootloginwithpswd 'yes'. Otherwise, root logins with a password # are not allowed. @@ -33,6 +36,7 @@ define base::ssh::config::sshd( $source = undef, $max_tries = 5, $listen_addresses = 'all', + $listen_ports = '22', $rootloginwithpswd = 'no', $pam_duo = false, ) { diff --git a/templates/ssh/sshd_config.erb b/templates/ssh/sshd_config.erb index 27525fde83b43d1e17e500b330d23788b52ece71..91c8cd4c1a58e18a356e3b938dde83c76adaaf6d 100644 --- a/templates/ssh/sshd_config.erb +++ b/templates/ssh/sshd_config.erb @@ -4,11 +4,21 @@ # GSS-API. It will eventually become the default. The default configuration # values that we don't change are omitted from this file. -Port 22 +<%- + # Split the ports at the commas. + ports = @listen_ports.split(',') + ports.each do |port| + +-%> +Port <%= port %> +<% + end +-%> + <% - if (listen_addresses != 'all') + if (@listen_addresses != 'all') # Split the addresses at the commas. - addresses = listen_addresses.split(',') + addresses = @listen_addresses.split(',') addresses.each do |address| -%> ListenAddress <%= address %>
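Review bot: `$listen_ports = '22'` is added to the parameter list of `base::ssh::config::sshd` with no validation, and the template writes each comma-separated piece verbatim after `Port` in sshd_config. A value carrying whitespace or a line break (for example from a data lookup) would put unintended text into the daemon's configuration, and a non-numeric or out-of-range port can stop sshd from restarting and cut off remote access to the host. I would reject anything that is not digits and commas before the file is rendered, e.g. `validate_re($listen_ports, '^\d+(,\d+)*$')` if puppetlabs-stdlib is available to this module (not visible here), and ideally also check each port is within 1-65535. The body of the define is outside the hunk, so an existing check there cannot be ruled out.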
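Review bot: `ports = @listen_ports.split(',')` assumes the parameter always arrives as a String. If the Puppet version in use keeps numbers typed (an assumption, the version is not visible), an unquoted `listen_ports => 2222` would reach the template as an Integer and `.split` would raise NoMethodError at compile time. `ports = @listen_ports.to_s.split(',').map(&:strip).reject(&:empty?)` avoids that and also tolerates `"22, 44"` and a trailing comma. As a style point, the empty added line just before the first `-%>` inside the tag can be dropped. The `addresses.each` loop at the end of the hunk is closed outside it.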