diff --git a/usr.sbin/freebsd-update/freebsd-update.8 b/usr.sbin/freebsd-update/freebsd-update.8
--- a/usr.sbin/freebsd-update/freebsd-update.8
+++ b/usr.sbin/freebsd-update/freebsd-update.8
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd April 22, 2022
+.Dd August 17, 2022
 .Dt FREEBSD-UPDATE 8
 .Os
 .Sh NAME
@@ -51,7 +51,7 @@
 tool is used to fetch, install, and rollback binary
 updates to the
 .Fx
-base system.
+base system. It can also just check for available updates and exit.
 .Sh BINARY UPDATES AVAILABILITY
 Binary updates are not available for every single
 .Fx
@@ -161,6 +161,18 @@
 .Cm command
 can be any one of the following:
 .Bl -tag -width "rollback"
+.It Cm check
+Check for available updates without fetching all available
+binary files. Instead, it only fetches and sanitizes the update
+tag and compares it against the current running version of
+.Fx
+at that time. The 
+.Cm check
+command can not be called together with the
+.Cm install
+or
+.Cm upgrade
+commands.
 .It Cm fetch
 Based on the currently installed world and the configuration
 options set, fetch all available binary updates.
@@ -259,4 +271,8 @@
 .Xr freebsd-update.conf 5 ,
 .Xr nextboot 8
 .Sh AUTHORS
-.An Colin Percival Aq Mt cperciva@FreeBSD.org
+.An Colin Percival Aq Mt cperciva@FreeBSD.org .
+The
+.Cm check
+command was implemented and documented by
+.An Vinicius Zavam Aq Mt egypcio@FreeBSD.org .
diff --git a/usr.sbin/freebsd-update/freebsd-update.sh b/usr.sbin/freebsd-update/freebsd-update.sh
--- a/usr.sbin/freebsd-update/freebsd-update.sh
+++ b/usr.sbin/freebsd-update/freebsd-update.sh
@@ -59,9 +59,10 @@
   --currently-running release
                -- Update as if currently running this release
 Commands:
-  fetch        -- Fetch updates from server
+  check        -- Check for available updates only
   cron         -- Sleep rand(3600) seconds, fetch updates, and send an
                   email if updates were found
+  fetch        -- Fetch updates from server
   upgrade      -- Fetch upgrades to FreeBSD version specified via -r option
   updatesready -- Check if there are fetched updates ready to install
   install      -- Install downloaded updates or upgrades
@@ -474,6 +475,9 @@
 
 	# Fetched first in a chain of commands
 	ISFETCHED=0
+
+	# Check for available updates 
+	CHECK_ONLY=0
 }
 
 # Parse the command line
@@ -541,7 +545,7 @@
 
 		# Commands
 		cron | fetch | upgrade | updatesready | install | rollback |\
-		IDS | showconfig)
+		IDS | showconfig | check)
 			COMMANDS="${COMMANDS} $1"
 			;;
 
@@ -2186,8 +2190,8 @@
 	echo ${NOWTIME} > lasteolwarn
 }
 
-# Do the actual work involved in "fetch" / "cron".
-fetch_run () {
+# Preparation before the actual work involved in "fetch" / "cron".
+fetch_run_pre () {
 	workdir_init || return 1
 
 	# Prepare the mirror list.
@@ -2205,6 +2209,14 @@
 	done
 	fetch_tagsanity || return 1
 
+	# Check for available updates
+	[ $CHECK_ONLY -eq 1 ] && check_only
+}
+
+# Do the actual work involved in "fetch" / "cron".
+fetch_run () {
+	fetch_run_pre
+
 	# Fetch the latest INDEX-NEW and INDEX-OLD files.
 	fetch_metadata INDEX-NEW INDEX-OLD || return 1
 
@@ -3023,14 +3035,6 @@
 		install_from_index INDEX-NEW || return 1
 		install_delete INDEX-OLD INDEX-NEW || return 1
 
-		# Restart sshd if running (PR263489).  Note that this does not
-		# affect child sshd processes handling existing sessions.
-		if service sshd status >/dev/null 2>/dev/null; then
-			echo
-			echo "Restarting sshd after upgrade"
-			service sshd restart
-		fi
-
 		# Rehash certs if we actually have certctl installed.
 		if which certctl>/dev/null; then
 			env DESTDIR=${BASEDIR} certctl rehash
@@ -3371,6 +3375,39 @@
 	IDS_compare INDEX-ALL INDEX-PRESENT
 }
 
+# Check for available updates
+check_only () {
+	RELPATCHNUM=`cut -f 4 -d '|' < tag.new`
+	RELPX=`uname -r | sed -E 's,.*-,,'`
+	case ${RELPX} in
+	    ALPHA* | BETA* | RC*)
+		echo "`basename $0` can not check updates for ALPHA/BETA/RC releases."
+		echo "Those can only be upgraded to a newer release, not patched."
+		exit 1
+		;;
+	    RELEASE)
+		if [ $RELPATCHNUM -ge 1 ]; then
+		    echo "There is an update available: $RELNUM-p$RELPATCHNUM"
+		    exit 0
+		fi
+		;;
+	    p*)
+		PX=`echo $RELPX | sed 's|p||'`
+		if [ $PX -lt $RELPATCHNUM ]; then
+		    echo "There is an update available: $RELNUM-p$RELPATCHNUM"
+		    exit 0
+		fi
+		;;
+	    *)
+		echo "`basename $0` can not find reliable updates for `uname -r`"
+		echo "Cowardly refusing to proceed any further."
+		exit 1
+		;;
+	esac
+	echo "No updates are available."
+	exit 0
+}
+
 #### Main functions -- call parameter-handling and core functions
 
 # Using the command line, configuration file, and defaults,
@@ -3393,7 +3430,9 @@
 		exit 1
 	fi
 	fetch_check_params
-	fetch_run || exit 1
+	if ( ! `echo $COMMANDS | grep -q check` ) ; then
+		fetch_run || exit 1
+	fi
 	ISFETCHED=1
 }
 
@@ -3479,6 +3518,16 @@
 	done
 }
 
+# Check for available updates.
+cmd_check () {
+	if ( ! `echo $COMMANDS | grep -q -E 'install|upgrade'` ) ; then
+		CHECK_ONLY=1
+	fi
+	finalize_components_config ${COMPONENTS}
+	fetch_check_params
+	fetch_run_pre
+}
+
 #### Entry point
 
 # Make sure we find utilities from the base system