diff --git a/Dockerfile b/Dockerfile
index b953242..1e6c142 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,8 +12,6 @@ FROM rockylinux:8.9
 LABEL org.opencontainers.image.authors="Lucas Ritzdorf <lritzdorf@lanl.gov>"
 
 # Define API base URLs
-## Ansible connection timeout; this will vary by system
-ENV ANSIBLE_TIMEOUT=300
 ## OPAAL server for auth token provisioning
 ENV OPAAL_URL=http://opaal:3333
 ## SMD server for node inventory retrieval
diff --git a/ansible/main.yaml b/ansible/main.yaml
index 2aae299..da673c8 100644
--- a/ansible/main.yaml
+++ b/ansible/main.yaml
@@ -18,6 +18,14 @@
 - name: securely push cloud-init jwt to nodes
   hosts: all
   gather_facts: false
+  tasks:
+    - name: wait for node ssh setup
+      hosts: all
+      ansible.builtin.wait_for_connection:
+        connect_timeout: 300
+        delay: 30
+        sleep: 5
+        timeout: 300
   roles:
     - role: tpm_secrets
       vars: