diff --git a/openssh/config.sls b/openssh/config.sls
index eb721e9..9fbe895 100644
--- a/openssh/config.sls
+++ b/openssh/config.sls
@@ -15,6 +15,9 @@ sshd_config:
     - group: {{ openssh.sshd_config_group }}
     - mode: {{ openssh.sshd_config_mode }}
     - check_cmd: {{ openssh.sshd_binary }} -t -f
+    {%- if openssh.sshd_config_backup  %}
+    - backup: minion
+    {%- endif %}
     - watch_in:
       - service: {{ openssh.service }}
 {% endif %}
@@ -28,6 +31,9 @@ ssh_config:
     - user: {{ openssh.ssh_config_user }}
     - group: {{ openssh.ssh_config_group }}
     - mode: {{ openssh.ssh_config_mode }}
+    {%- if openssh.ssh_config_backup  %}
+    - backup: minion
+    {%- endif %}
 {% endif %}
 
 {%- for keyType in ['ecdsa', 'dsa', 'rsa', 'ed25519'] %}
diff --git a/openssh/defaults.yaml b/openssh/defaults.yaml
index 021267e..f26d784 100644
--- a/openssh/defaults.yaml
+++ b/openssh/defaults.yaml
@@ -6,11 +6,13 @@ openssh:
   sshd_config_user: root
   sshd_config_group: root
   sshd_config_mode: '644'
+  sshd_config_backup: True
   ssh_config: /etc/ssh/ssh_config
   ssh_config_src: salt://openssh/files/ssh_config
   ssh_config_user: root
   ssh_config_group: root
   ssh_config_mode: '644'
+  ssh_config_backup: True
   banner: /etc/ssh/banner
   banner_src: salt://openssh/files/banner
   ssh_known_hosts: /etc/ssh/ssh_known_hosts