diff --git a/ansible/group_vars/all/seed-hypervisor b/ansible/group_vars/all/seed-hypervisor
index 58c3b0fcd..2ead10389 100644
--- a/ansible/group_vars/all/seed-hypervisor
+++ b/ansible/group_vars/all/seed-hypervisor
@@ -1,4 +1,11 @@
 ---
+###############################################################################
+# Seed hypervisor node configuration.
+
+# User with which to access the seed hypervisor via SSH during bootstrap, in
+# order to setup the Kayobe user account.
+seed_hypervisor_bootstrap_user: "{{ lookup('env', 'USER') }}"
+
 ###############################################################################
 # Seed hypervisor network interface configuration.
 
diff --git a/ansible/group_vars/seed-hypervisor/ansible-user b/ansible/group_vars/seed-hypervisor/ansible-user
index c0d606c19..963472f5f 100644
--- a/ansible/group_vars/seed-hypervisor/ansible-user
+++ b/ansible/group_vars/seed-hypervisor/ansible-user
@@ -1,3 +1,7 @@
 ---
 # User with which to access the seed hypervisor via SSH.
 ansible_user: "{{ kayobe_ansible_user }}"
+
+# User with which to access the seed hypervisor before the kayobe_ansible_user
+# account has been created.
+bootstrap_user: "{{ seed_hypervisor_bootstrap_user }}"
diff --git a/etc/kayobe/seed-hypervisor.yml b/etc/kayobe/seed-hypervisor.yml
index 968cec9a2..93ccd5d3b 100644
--- a/etc/kayobe/seed-hypervisor.yml
+++ b/etc/kayobe/seed-hypervisor.yml
@@ -1,4 +1,11 @@
 ---
+###############################################################################
+# Seed hypervisor node configuration.
+
+# User with which to access the seed hypervisor via SSH during bootstrap, in
+# order to setup the Kayobe user account.
+#seed_hypervisor_bootstrap_user:
+
 ###############################################################################
 # Seed hypervisor network interface configuration.
 
diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py
index f4596feab..3183efc10 100644
--- a/kayobe/cli/commands.py
+++ b/kayobe/cli/commands.py
@@ -263,6 +263,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
 
     * Allocate IP addresses for all configured networks.
     * Add the host to SSH known hosts.
+    * Configure a user account for use by kayobe for SSH access.
     * Optionally, create a virtualenv for remote target hosts.
     * Configure user accounts, group associations, and authorised SSH keys.
     * Configure Yum repos.
@@ -274,10 +275,19 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
 
     def take_action(self, parsed_args):
         self.app.LOG.debug("Configuring seed hypervisor host OS")
+        # Explicitly request the dump-config tag to ensure this play runs even
+        # if the user specified tags.
+        ansible_user = self.run_kayobe_config_dump(
+            parsed_args, host="seed-hypervisor",
+            var_name="kayobe_ansible_user", tags="dump-config")
+        if not ansible_user:
+            self.app.LOG.error("Could not determine kayobe_ansible_user "
+                               "variable for seed hypervisor host")
+            sys.exit(1)
         playbooks = _build_playbook_list(
-            "ip-allocation", "ssh-known-host", "kayobe-target-venv", "users",
-            "yum", "dev-tools", "network", "sysctl", "ntp",
-            "seed-hypervisor-libvirt-host")
+            "ip-allocation", "ssh-known-host", "kayobe-ansible-user",
+            "kayobe-target-venv", "users", "yum", "dev-tools", "network",
+            "sysctl", "ntp", "seed-hypervisor-libvirt-host")
         self.run_kayobe_playbooks(parsed_args, playbooks,
                                   limit="seed-hypervisor")
 
diff --git a/kayobe/tests/unit/cli/test_commands.py b/kayobe/tests/unit/cli/test_commands.py
index 70ef75334..7fd0b5971 100644
--- a/kayobe/tests/unit/cli/test_commands.py
+++ b/kayobe/tests/unit/cli/test_commands.py
@@ -82,22 +82,32 @@ class TestCase(unittest.TestCase):
         ]
         self.assertEqual(expected_calls, mock_run.call_args_list)
 
+    @mock.patch.object(commands.KayobeAnsibleMixin,
+                       "run_kayobe_config_dump")
     @mock.patch.object(commands.KayobeAnsibleMixin,
                        "run_kayobe_playbooks")
-    def test_seed_hypervisor_host_configure(self, mock_run):
+    def test_seed_hypervisor_host_configure(self, mock_run, mock_dump):
         command = commands.SeedHypervisorHostConfigure(TestApp(), [])
         parser = command.get_parser("test")
         parsed_args = parser.parse_args([])
+        mock_dump.return_value = "stack"
 
         result = command.run(parsed_args)
         self.assertEqual(0, result)
 
+        expected_calls = [
+            mock.call(mock.ANY, host="seed-hypervisor",
+                      var_name="kayobe_ansible_user", tags="dump-config")
+        ]
+        self.assertEqual(expected_calls, mock_dump.call_args_list)
+
         expected_calls = [
             mock.call(
                 mock.ANY,
                 [
                     "ansible/ip-allocation.yml",
                     "ansible/ssh-known-host.yml",
+                    "ansible/kayobe-ansible-user.yml",
                     "ansible/kayobe-target-venv.yml",
                     "ansible/users.yml",
                     "ansible/yum.yml",