diff --git a/loctevm-reset-prereq.inc.yml b/loctevm-reset-prereq.inc.yml index 75bf629..de0a0fc 100644 --- a/loctevm-reset-prereq.inc.yml +++ b/loctevm-reset-prereq.inc.yml @@ -6,6 +6,36 @@ - name: prepare escalation set_fact: ansible_become_pass=bloed ansible_ssh_pass=bloed +#- name: ensure absence of local known-hosts entry FIXME remove here +# known_hosts: host={{ansible_host}} state=absent +# delegate_to: 127.0.0.1 # local action + +#- name: do dummy commit to ensure known host key +# command: ssh -o PasswordAuthentication=no -o StrictHostKeyChecking=no hein@{{ansible_host}} true +# delegate_to: 127.0.0.1 # local action +# changed_when: False +# failed_when: False + - name: ensure admin user user: comment="FFMWU Administrator" name=admin shell=/bin/bash state=present become: True + +- name: ensure users ssh key to admin user + authorized_key: user=admin key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}" + become: True + +- name: ensure users ssh key to bootstrap user + authorized_key: user=hein key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}" + +- name: ensure no-pw sudo capability for admin and bootstrap user + lineinfile: + create: yes + dest: /etc/sudoers.d/ffmwu + line: "admin,hein ALL = (root) NOPASSWD: ALL" + mode: 0440 + validate: visudo -c -f %s + become: True + +- name: from this point on prevent pw for bootstrap user + user: user=hein password=X + become: True diff --git a/loctevm-reset-vm.inc.yml b/loctevm-reset-vm.inc.yml index 6e6b339..6b8fbd7 100644 --- a/loctevm-reset-vm.inc.yml +++ b/loctevm-reset-vm.inc.yml @@ -3,7 +3,6 @@ - name: find already defined local VMs virt: command=list_vms delegate_to: 127.0.0.1 # local action -# become: True register: vms - block: @@ -13,6 +12,10 @@ dest: "{{ vm_path }}/loctevm.xml" delegate_to: 127.0.0.1 # local action + - name: ensure absence of outdated local known-hosts entry + known_hosts: host={{ansible_host}} state=absent + delegate_to: 127.0.0.1 # local action + - name: define VM virt: command: define 
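Review bot: The two commented-out tasks added at the top of this hunk (the known_hosts removal and the dummy ssh connect, marked "FIXME remove here") duplicate the live tasks this same commit adds to loctevm-reset-vm.inc.yml, so they are dead text from the moment they land; drop them rather than committing them with a FIXME. In the last task, `user: user=hein password=X` relies on "X" being an unmatchable crypt hash; that does block password login, but the conventional markers for a login-disabled account are `password: '!'` or `password: '*'`, and a comment such as `# bootstrap user is key-only from here on` would make the intent explicit. Note that hein keeps its authorized key and the `NOPASSWD: ALL` sudoers entry after this, so it remains a second root-equivalent account; if hein is only meant for bootstrap, the sudoers line should name admin alone once admin's key is in place. Style-wise, `create: yes`, `become: True` and `mode: 0440` are better written as `create: true`, `become: true` and `mode: "0440"` so the values do not depend on YAML 1.1 implicit typing.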
@@ -20,5 +23,11 @@ xml: "{{ lookup('file',vm_path ~ '/loctevm.xml') }}" delegate_to: 127.0.0.1 # local action + - name: do dummy connect to ensure new local known host entry + command: ssh -o PasswordAuthentication=no -o StrictHostKeyChecking=no hein@{{ansible_host}} true + delegate_to: 127.0.0.1 # local action + changed_when: False + failed_when: False + when: not inventory_hostname in vms.list_vms # block end diff --git a/loctevm-reset.yml b/loctevm-reset.yml index 0ab43af..107a0b6 100755 --- a/loctevm-reset.yml +++ b/loctevm-reset.yml @@ -16,7 +16,7 @@ delegate_to: 127.0.0.1 # local action - name: ensure image file # FIXME: change to rm + recreate - command: fallocate -l 10G {{ vm_path }}/loctevm.img # 15G? size? + command: fallocate -l 5G {{ vm_path }}/loctevm.img # 15G? size? args: creates: "{{ vm_path }}/loctevm.img" delegate_to: 127.0.0.1 # local action @@ -41,7 +41,7 @@ delegate_to: 127.0.0.1 # local action - name: wait for port 80 to appear (after reboot after OS installation) - wait_for: host={{ansible_host}} port=80 state=started timeout=300 + wait_for: host={{ansible_host}} port=80 state=started timeout=900 delegate_to: 127.0.0.1 # local action - hosts: test-vms
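Review bot: `-o StrictHostKeyChecking=no` in the dummy connect accepts whatever host key the VM presents and, together with `failed_when: False`, never reports when that first contact fails, so a VM that is not yet reachable at this point leaves no known_hosts entry and later tasks hit the host-key prompt instead. Trust-on-first-use is defensible here only because the previous hunk removed the stale entry and the VM was just defined locally; say so in a comment on the task, and prefer `-o StrictHostKeyChecking=accept-new` (OpenSSH 7.6+), which still records a new key but refuses a changed one. Consider also recording the key without an interactive login, e.g. the known_hosts module with a `key:` taken from an ssh-keyscan lookup, and gating the task on a `wait_for` of port 22 so `failed_when: False` does not mask an unreachable VM. The block this task belongs to starts outside the hunk.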
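Review bot: The size in `fallocate -l 5G` changes, but `args: creates:` skips the command whenever the image file already exists, so hosts that already have a 10G image are not affected and the comment `# 15G? size?` on the same line now contradicts the value. Either update the comment to record the decision, e.g. `# 5G; only applies to freshly created images because of creates:`, or make the existing FIXME concrete so the two lines stop disagreeing.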