diff --git a/tasks/main.yml b/tasks/main.yml
index 050b098..92167dd 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,11 +1,32 @@
 # tasks file
 ---
+- name: install dependencies
+  ansible.builtin.apt:
+    name: "{{ ssh_server_dependencies }}"
+    state: "{{ apt_install_state | default('latest') }}"
+    update_cache: true
+    cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
+  tags:
+    - configuration
+    - ssh-server
+    - ssh-server-dependencies
+
+- name: install
+  ansible.builtin.apt:
+    name: "{{ ssh_server_install }}"
+    state: "{{ apt_install_state | default('latest') }}"
+  tags:
+    - configuration
+    - ssh-server
+    - ssh-server-install
+
 - name: get (current) version  # noqa risky-shell-pipe
   ansible.builtin.shell: >
     dpkg-query -W -f='${Version}' openssh-server | awk -F':' '{print $2}' | awk -F'p' '{print $1}'
   register: _get_current_version
   changed_when: false
-  failed_when: false
+  check_mode: false
+  failed_when: "_get_current_version.rc != 0"
   tags:
     - configuration
     - ssh-server
@@ -23,26 +44,6 @@
     - ssh-server-version
     - ssh-server-version-set
 
-- name: install dependencies
-  ansible.builtin.apt:
-    name: "{{ ssh_server_dependencies }}"
-    state: "{{ apt_install_state | default('latest') }}"
-    update_cache: true
-    cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
-  tags:
-    - configuration
-    - ssh-server
-    - ssh-server-dependencies
-
-- name: install
-  ansible.builtin.apt:
-    name: "{{ ssh_server_install }}"
-    state: "{{ apt_install_state | default('latest') }}"
-  tags:
-    - configuration
-    - ssh-server
-    - ssh-server-install
-
 - name: check host keys
   ansible.builtin.command: >
     ssh-keygen -A