# Trellis provisioning ansible server yml fails when root login not permitted

**URL:** https://discourse.roots.io/t/trellis-provisioning-ansible-server-yml-fails-when-root-login-not-permitted/6626
**Category:** trellis
**Created:** 2016-05-02T20:51:28Z
**Posts:** 10
**Showing post:** 7 of 10

## Post 7 by @merchantguru — 2017-02-15T16:31:09Z

> [@fullyint](#):
>
> change back to sshd\_permit\_root\_login: true and run the sshd role of server.yml to apply that change (e.g., ansible-playbook server.yml -e env=\<environment\> --tags sshd). Then run the users role, which will change the sudoer password. It will connect as root now, so no need for --ask-become-pass (e.g., just run ansible-playbook server.yml -e env=\<environment\> --tags users). Then finally, change back to sshd\_permit\_root\_login: false and apply the change by running the sshd role again.

Many thanks again @fullyint. I had a similar issue where all of a sudden I was getting `Incorrect sudo password` when provisioning when I had no problems before with admin\_user (admin). Using --ask-become-pass worked, but it was the same password in my vault file. I tried decrypting/re-encrypting the vault file, but that didn’t work.

So, just documenting what worked, per above:

set `sshd_permit_root_login: true` , then:

```
ansible-playbook server.yml -e env=production --tags sshd --ask-become-pass
ansible-playbook server.yml -e env=production --tags users
```

set `sshd_permit_root_login: false` , then:

```
ansible-playbook server.yml -e env=production --tags sshd
```

---

_[View the full topic](https://discourse.roots.io/t/trellis-provisioning-ansible-server-yml-fails-when-root-login-not-permitted/6626)._