diff --git a/host_vars/portainer.yml b/host_vars/portainer.yml
index 5183cb5..2332da2 100644
--- a/host_vars/portainer.yml
+++ b/host_vars/portainer.yml
@@ -1,19 +1,25 @@
 ansible_user: howard
-ansible_password: "Papadopolus0"         # English: SSH password for howard@portainer
+ansible_password: "Papadopolus0"   # English: SSH password for howard@portainer
 ansible_connection: ssh
 ansible_port: 22
+
+# English: Force password/keyboard-interactive auth and disable pubkey for the target hop.
+# This avoids cases where OpenSSH sticks to pubkey and never falls back to password in CI.
 ansible_ssh_common_args: >-
   -o StrictHostKeyChecking=no
   -o UserKnownHostsFile=/dev/null
+  -o PreferredAuthentications=keyboard-interactive,password
+  -o PubkeyAuthentication=no
+  -o KbdInteractiveAuthentication=yes
   -J root@192.168.69.2
 
-# English: We escalate to root via sudo.
+# English: Make sure Ansible passes the password to SSH (older setups still read these).
+ansible_ssh_pass: "Papadopolus0"
+
+# English: If you need sudo later, keep become and provide sudo password.
 ansible_become: true
 ansible_become_method: sudo
-
-# English: SUDO password for howard (often same as SSH password; change if different).
 ansible_become_password: "Papadopolus0"
 
-# (Optional, for older installs—harmless to keep both)
-ansible_ssh_pass: "Papadopolus0"
-ansible_sudo_pass: "Papadopolus0"
\ No newline at end of file
+# English: Pipelining reduces SSH roundtrips and avoids TTY prompts in some sudo configs.
+ansible_ssh_pipelining: true
\ No newline at end of file
diff --git a/nextcloud/miniplay.yml b/nextcloud/miniplay.yml
index 278d4c9..f8f5dee 100644
--- a/nextcloud/miniplay.yml
+++ b/nextcloud/miniplay.yml
@@ -1,24 +1,25 @@
 ---
-- name: pure SSH and then sudo
+- name: "pure SSH and then sudo"
   hosts: nextcloud_host
   gather_facts: false
-
   tasks:
-    - name: Who am I as SSH user? (no sudo)
+    - name: "Who am I as SSH user? (no sudo)"
       become: false
       ansible.builtin.command: whoami
       changed_when: false
       register: who
 
-    - ansible.builtin.debug:
+    - name: "Show SSH user"
+      ansible.builtin.debug:
         msg: "SSH user is: {{ who.stdout }}"
 
-    - name: Who am I with sudo? (explicit become)
+    - name: "Who am I with sudo? (explicit become)"
       become: true
       become_method: sudo
       ansible.builtin.command: whoami
       changed_when: false
       register: who_root
 
-    - ansible.builtin.debug:
+    - name: "Show become user"
+      ansible.builtin.debug:
         msg: "Become user is: {{ who_root.stdout }}"
\ No newline at end of file