diff --git a/data/hooks/diagnosis/70-regenconf.py b/data/hooks/diagnosis/70-regenconf.py index b8551f5fe..4e40c71fb 100644 --- a/data/hooks/diagnosis/70-regenconf.py +++ b/data/hooks/diagnosis/70-regenconf.py @@ -1,10 +1,12 @@ #!/usr/bin/env python import os +import re +from yunohost.settings import settings_get from yunohost.diagnosis import Diagnoser from yunohost.regenconf import _get_regenconf_infos, _calculate_hash - +from moulinette.utils.filesystem import read_file class RegenconfDiagnoser(Diagnoser): @@ -45,6 +47,21 @@ class RegenconfDiagnoser(Diagnoser): summary="diagnosis_sshd_config_insecure", ) + # Check consistency between actual ssh port in sshd_config vs. setting + ssh_port_setting = settings_get('security.ssh.port') + ssh_port_line = re.findall( + r"\bPort *([0-9]{2,5})\b", read_file("/etc/ssh/sshd_config") + ) + if len(ssh_port_line) == 1 and int(ssh_port_line[0]) != ssh_port_setting: + yield dict( + meta={ + "test": "sshd_config_port_inconsistency" + }, + status="WARNING", + summary="diagnosis_sshd_config_inconsistent", + details=["diagnosis_sshd_config_inconsistent_details"], + ) + def manually_modified_files(self): for category, infos in _get_regenconf_infos().items(): diff --git a/locales/en.json b/locales/en.json index 840d359ed..63d5c6b10 100644 --- a/locales/en.json +++ b/locales/en.json 
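Review bot: The `\bPort *([0-9]{2,5})\b` pattern in the new port check also matches a commented-out directive such as `#Port 22`, because a word boundary sits between `#` and `Port`; a config that keeps that commented default next to a setting other than 22 would then be reported as inconsistent even though the live port is fine. Anchoring the match to the start of a line, `re.findall(r"^[ \t]*Port[ \t]+([0-9]{2,5})\b", sshd_config, flags=re.M | re.I)`, restricts it to active directives and also honours sshd's case-insensitive keywords. The comparison `int(ssh_port_line[0]) != ssh_port_setting` is only meaningful if settings_get returns an int; if it yields a string the warning fires on every run, so `!= int(ssh_port_setting)` would be safer — worth confirming the type the settings layer returns. Note also that read_file raises if /etc/ssh/sshd_config is absent, which would abort the whole diagnoser rather than skip this one test; the enclosing method starts before this hunk.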
@@ -270,6 +270,8 @@
 "diagnosis_never_ran_yet": "It looks like this server was setup recently and there's no diagnosis report to show yet. You should start by running a full diagnosis, either from the webadmin or using 'yunohost diagnosis run' from the command line.",
 "diagnosis_processes_killed_by_oom_reaper": "Some processes were recently killed by the system because it ran out of memory. This is typically symptomatic of a lack of memory on the system or of a process that ate up to much memory. Summary of the processes killed:\n{kills_summary}",
 "diagnosis_sshd_config_insecure": "The SSH configuration appears to have been manually modified, and is insecure because it contains no 'AllowGroups' or 'AllowUsers' directive to limit access to authorized users.",
+ "diagnosis_sshd_config_inconsistent": "It looks like the SSH port was manually modified in /etc/ssh/sshd_config. Since Yunohost 4.2, a new global setting 'security.ssh.port' is available to avoid manually editing the configuration.",
+ "diagnosis_sshd_config_inconsistent_details": "Please run yunohost settings set security.ssh.port -v YOUR_SSH_PORT to define the SSH port, and check yunohost tools regen-conf ssh --dry-run --with-diff and yunohost tools regen-conf ssh --force to reset your conf to the Yunohost recommendation.",
 "domain_cannot_remove_main": "You cannot remove '{domain:s}' since it's the main domain, you first need to set another domain as the main domain using 'yunohost domain main-domain -n '; here is the list of candidate domains: {other_domains:s}",
 "domain_cannot_add_xmpp_upload": "You cannot add domains starting with 'xmpp-upload.'. 
This kind of name is reserved for the XMPP upload feature integrated in YunoHost.", "domain_cannot_remove_main_add_new_one": "You cannot remove '{domain:s}' since it's the main domain and your only domain, you need to first add another domain using 'yunohost domain add ', then set is as the main domain using 'yunohost domain main-domain -n ' and then you can remove the domain '{domain:s}' using 'yunohost domain remove {domain:s}'.'",