diff --git a/playbooks/roles/afs-release/files/release-volumes.py b/playbooks/roles/afs-release/files/release-volumes.py
index a4db5029e9..b2b1806514 100644
--- a/playbooks/roles/afs-release/files/release-volumes.py
+++ b/playbooks/roles/afs-release/files/release-volumes.py
@@ -29,8 +29,6 @@ import subprocess
 
 from contextlib import contextmanager
 from datetime import datetime
-from paramiko import SSHClient
-
 
 VOLUMES = ['docs',
            'docs.dev',
@@ -71,20 +69,31 @@ def get_last_update(volume):
     return ret
 
 
-def release(volume, host, key, stats):
+def release(volume, host, user, key, stats):
     log.info("Releasing %s" % volume)
 
     vn = volume.replace('.','_')
 
     with stats.timer('%s.%s' % (STATSD_PREFIX, vn)):
-        client = SSHClient()
-        client.load_host_keys(key)
-        client.connect(host)
-        stdin, stdout, stderr = client.exec_command('vos release %s' % volume)
-        for line in stdout.readlines():
+        # NOTE(ianw) : clearly paramiko would be better, but bionic
+        # version 2.0.0 can't read a ed25519 key which we used in the
+        # all the other ansible setup.
+        cmd = ('ssh', '-T', '-i', '%s' % key,
+               '%s@%s' % (user, host), '--',
+               'vos', 'release', volume)
+        log.debug('Running: %s' % ' '.join(cmd))
+        p = subprocess.Popen(cmd,
+                             shell=False,
+                             stdout=subprocess.PIPE,
+                             stderr=subprocess.PIPE,
+                             universal_newlines=True)
+        output, error = p.communicate()
+        for line in output.split('\n'):
             log.debug(line)
-            client.close()
-        logging.info("Release of %s successful" % volume)
+        if not error:
+            log.info("Release of %s successful" % volume)
+        else:
+            log.error("Release of %s failed" % volume)
 
 
 def check_release(volume):
@@ -119,7 +128,7 @@ def get_lock(path):
         f.flush()
         log.debug("Acquired release lock")
         yield
-        logging.debug("Release lock")
+        log.debug("Release lock")
         fcntl.flock(f, fcntl.LOCK_UN)
 
 
@@ -134,6 +143,8 @@ def main():
                         help="Force vos release, even if not required")
     parser.add_argument('--skip-release', action='store_true',
                         help="Skip vos release, even if required")
+    parser.add_argument('--ssh-user', action='store',
+                        default='vos_release', help="SSH user on remote host")
     parser.add_argument('--ssh-identity', action='store',
                         default='/root/.ssh/id_vos_release',
                         help="SSH identify file for remote vos release")
@@ -168,8 +179,8 @@ def main():
                 if args.skip_release:
                     log.info("Force skipping release")
                 else:
-                    release(volume, args.ssh_server, args.ssh_identity,
-                        stats)
+                    release(volume, args.ssh_server, args.ssh_user,
+                            args.ssh_identity, stats)
 
     log.debug("--- Complete %s ---" % datetime.now())
 
diff --git a/playbooks/roles/afs-release/files/requirements.txt b/playbooks/roles/afs-release/files/requirements.txt
index a3a62b8dbd..1f6e2b86a9 100644
--- a/playbooks/roles/afs-release/files/requirements.txt
+++ b/playbooks/roles/afs-release/files/requirements.txt
@@ -1,2 +1 @@
-paramiko # LGPL 2.1
 statsd>=3.2.1 # MIT
diff --git a/playbooks/roles/afs-release/tasks/main.yaml b/playbooks/roles/afs-release/tasks/main.yaml
index dc4c1c35ce..faf6b94dac 100644
--- a/playbooks/roles/afs-release/tasks/main.yaml
+++ b/playbooks/roles/afs-release/tasks/main.yaml
@@ -24,7 +24,6 @@
   package:
     name:
       - python3-statsd
-      - python3-paramiko
     state: present
 
 - name: Install release cron job