diff --git a/ansible/group_vars/all/seed-hypervisor b/ansible/group_vars/all/seed-hypervisor
index 58c3b0fcda6545620d70a7831d6cb97f28bdb2ec..2ead10389461b718f6f9efcc2502f598f8d2b6c5 100644
--- a/ansible/group_vars/all/seed-hypervisor
+++ b/ansible/group_vars/all/seed-hypervisor
@@ -1,4 +1,11 @@
 ---
+###############################################################################
+# Seed hypervisor node configuration.
+
+# User with which to access the seed hypervisor via SSH during bootstrap, in
+# order to setup the Kayobe user account.
+seed_hypervisor_bootstrap_user: "{{ lookup('env', 'USER') }}"
+
 ###############################################################################
 # Seed hypervisor network interface configuration.
 
diff --git a/ansible/group_vars/seed-hypervisor/ansible-user b/ansible/group_vars/seed-hypervisor/ansible-user
index c0d606c19e733d882cc2a77e81e3c474ba0e75af..963472f5f7e28c69d7d6d14e945b02aa3a4e82cb 100644
--- a/ansible/group_vars/seed-hypervisor/ansible-user
+++ b/ansible/group_vars/seed-hypervisor/ansible-user
@@ -1,3 +1,7 @@
 ---
 # User with which to access the seed hypervisor via SSH.
 ansible_user: "{{ kayobe_ansible_user }}"
+
+# User with which to access the seed hypervisor before the kayobe_ansible_user
+# account has been created.
+bootstrap_user: "{{ seed_hypervisor_bootstrap_user }}"
diff --git a/etc/kayobe/seed-hypervisor.yml b/etc/kayobe/seed-hypervisor.yml
index 968cec9a2169f2b81c325d653c2b91840a18fa9d..93ccd5d3b619414ae62c8f5548096c9283c17b3e 100644
--- a/etc/kayobe/seed-hypervisor.yml
+++ b/etc/kayobe/seed-hypervisor.yml
@@ -1,4 +1,11 @@
 ---
+###############################################################################
+# Seed hypervisor node configuration.
+
+# User with which to access the seed hypervisor via SSH during bootstrap, in
+# order to setup the Kayobe user account.
+#seed_hypervisor_bootstrap_user:
+
 ###############################################################################
 # Seed hypervisor network interface configuration.
 
diff --git a/kayobe/cli/commands.py b/kayobe/cli/commands.py
index 61b43b4f86660c1c424b652b23e8d3f4f7d27f37..a2f340dc2c95b93147e117ebed2e4eafc7be8d62 100644
--- a/kayobe/cli/commands.py
+++ b/kayobe/cli/commands.py
@@ -263,6 +263,7 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
 
     * Allocate IP addresses for all configured networks.
     * Add the host to SSH known hosts.
+    * Configure a user account for use by kayobe for SSH access.
     * Optionally, create a virtualenv for remote target hosts.
     * Configure user accounts, group associations, and authorised SSH keys.
     * Configure Yum repos.
@@ -274,10 +275,19 @@ class SeedHypervisorHostConfigure(KollaAnsibleMixin, KayobeAnsibleMixin,
 
     def take_action(self, parsed_args):
         self.app.LOG.debug("Configuring seed hypervisor host OS")
+        # Explicitly request the dump-config tag to ensure this play runs even
+        # if the user specified tags.
+        ansible_user = self.run_kayobe_config_dump(
+            parsed_args, host="seed-hypervisor",
+            var_name="kayobe_ansible_user", tags="dump-config")
+        if not ansible_user:
+            self.app.LOG.error("Could not determine kayobe_ansible_user "
+                               "variable for seed hypervisor host")
+            sys.exit(1)
         playbooks = _build_playbook_list(
-            "ip-allocation", "ssh-known-host", "kayobe-target-venv", "users",
-            "yum", "dev-tools", "network", "sysctl", "ntp",
-            "seed-hypervisor-libvirt-host")
+            "ip-allocation", "ssh-known-host", "kayobe-ansible-user",
+            "kayobe-target-venv", "users", "yum", "dev-tools", "network",
+            "sysctl", "ntp", "seed-hypervisor-libvirt-host")
         self.run_kayobe_playbooks(parsed_args, playbooks,
                                   limit="seed-hypervisor")
 
diff --git a/kayobe/tests/unit/cli/test_commands.py b/kayobe/tests/unit/cli/test_commands.py
index 237ce8284adf34e5b158b94f1c3e3856aa53db0f..d89d8b9fe7000ce0a41c926d58c4eb9324dfe491 100644
--- a/kayobe/tests/unit/cli/test_commands.py
+++ b/kayobe/tests/unit/cli/test_commands.py
@@ -82,22 +82,32 @@ class TestCase(unittest.TestCase):
         ]
         self.assertEqual(expected_calls, mock_run.call_args_list)
 
+    @mock.patch.object(commands.KayobeAnsibleMixin,
+                       "run_kayobe_config_dump")
     @mock.patch.object(commands.KayobeAnsibleMixin,
                        "run_kayobe_playbooks")
-    def test_seed_hypervisor_host_configure(self, mock_run):
+    def test_seed_hypervisor_host_configure(self, mock_run, mock_dump):
         command = commands.SeedHypervisorHostConfigure(TestApp(), [])
         parser = command.get_parser("test")
         parsed_args = parser.parse_args([])
+        mock_dump.return_value = "stack"
 
         result = command.run(parsed_args)
         self.assertEqual(0, result)
 
+        expected_calls = [
+            mock.call(mock.ANY, host="seed-hypervisor",
+                      var_name="kayobe_ansible_user", tags="dump-config")
+        ]
+        self.assertEqual(expected_calls, mock_dump.call_args_list)
+
         expected_calls = [
             mock.call(
                 mock.ANY,
                 [
                     "ansible/ip-allocation.yml",
                     "ansible/ssh-known-host.yml",
+                    "ansible/kayobe-ansible-user.yml",
                     "ansible/kayobe-target-venv.yml",
                     "ansible/users.yml",
                     "ansible/yum.yml",