From a80330622ea3ade854fc9e183b4affdd66d004c6 Mon Sep 17 00:00:00 2001
From: Alexander Sergeevich <7339834@gmail.com>
Date: Fri, 6 Feb 2026 00:21:28 +0300
Subject: [PATCH] harden ssh key handling in deploy

Co-authored-by: Cursor <cursoragent@cursor.com>
---
 .gitea/workflows/deploy-my-vpn.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/deploy-my-vpn.yml b/.gitea/workflows/deploy-my-vpn.yml
index a969acd..df9d0d3 100644
--- a/.gitea/workflows/deploy-my-vpn.yml
+++ b/.gitea/workflows/deploy-my-vpn.yml
@@ -17,8 +17,8 @@ jobs:
         run: |
           mkdir -p ~/.ssh
           chmod 700 ~/.ssh
-          echo "$VPN_SSH_KEY" > ~/.ssh/id_ci_runner
+          printf '%s\n' "$VPN_SSH_KEY" > ~/.ssh/id_ci_runner
           chmod 600 ~/.ssh/id_ci_runner
           ssh-keyscan -H "$VPN_HOST" >> ~/.ssh/known_hosts
 
-          ssh -i ~/.ssh/id_ci_runner "$VPN_USER@$VPN_HOST" "cd /srv/ip-ua && git fetch --all && git reset --hard origin/main && bash deploy/my-vpn/deploy.sh"
+          ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_ci_runner "$VPN_USER@$VPN_HOST" "cd /srv/ip-ua && git fetch --all && git reset --hard origin/main && bash deploy/my-vpn/deploy.sh"