diff --git a/elements/openssh/README.md b/elements/openssh/README.md
new file mode 100644
index 00000000..8e97787d
--- /dev/null
+++ b/elements/openssh/README.md
@@ -0,0 +1,5 @@
+=======
+openssh
+=======
+
+Override the default openssh configuration.
diff --git a/elements/openssh/post-install.d/71-openssh b/elements/openssh/post-install.d/71-openssh
new file mode 100755
index 00000000..b49b7728
--- /dev/null
+++ b/elements/openssh/post-install.d/71-openssh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+# https://bugs.launchpad.net/tripleo/+bug/1774557
+sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config
diff --git a/releasenotes/notes/openssh-79e2d39397761e74.yaml b/releasenotes/notes/openssh-79e2d39397761e74.yaml
new file mode 100644
index 00000000..818966dc
--- /dev/null
+++ b/releasenotes/notes/openssh-79e2d39397761e74.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    An element can now override the default openssh configuration.
+    For now, we set UseDNS to 'no' to avoid timeouts when Ansible tries
+    to run remote tasks via ssh.