diff --git a/.forgejo/workflows/deploy.yaml b/.forgejo/workflows/deploy.yaml
index 506894f..132d9af 100644
--- a/.forgejo/workflows/deploy.yaml
+++ b/.forgejo/workflows/deploy.yaml
@@ -11,18 +11,18 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Install dependencies
- run: apk --no-cache add hugo python3 py3-pip git
+ run: apk --no-cache add hugo python3 py3-pip git openssh-client rsync

- - name: Check install
+ - name: Check versions
 run: |
 cat /etc/os-release
 git version
 hugo version
 python --version

- - name: Checkout repo
+ - name: Checkout repository
 run: |
- git clone -b ${{ forgejo.ref_name }} https://git.berlin.ccc.de/cccb-website-team/www.git .
+ git clone -b ${{ forgejo.ref_name }} --recursive https://git.berlin.ccc.de/cccb-website-team/www.git .
 git status

 - name: Install Python depenndencies
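Review bot: In the `Checkout repository` step, `${{ forgejo.ref_name }}` is still expanded into the shell script text unquoted, so a ref name containing shell metacharacters would be interpreted by the shell instead of being passed to git as one argument. Pass it through the environment instead: add `env:` with `REF_NAME: ${{ forgejo.ref_name }}` to the step and clone with `git clone -b "$REF_NAME" --recursive ...`. The new `--recursive` also fetches every submodule named in `.gitmodules` into a job that later holds the deploy key, so a comment naming the expected submodules would help the next reviewer. Which refs can trigger this workflow is decided by the `on:` block, which is outside the hunk.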
@@ -31,32 +31,22 @@ jobs:
 - name: Render site
 run: ./build.sh

- - name: Setup SSH key
- if: forgejo.ref_name == 'staging'
+ - name: Setup SSH
+ env:
+ SSH_PRIVATE_KEY: ${{ forgejo.ref_name == 'production' && secrets.SSH_PRIVATE_KEY_PRODUCTION || secrets.SSH_PRIVATE_KEY_STAGING }}
 run: |
- mkdir -p .ssh
- echo ${{ secrets.SSH_PRIVATE_KEY_STAGING }} > .ssh/id_ed25519
- chmod 600 .ssh/id_ed25519
- ssh-keygen -f .ssh/id_ed25519 -y > .ssh/id_ed25519.pub
- cat .ssh/id_ed25519.pub
+ mkdir -p ~/.ssh
+ printf "%s" "${{ secrets.KNOWN_HOSTS }}" | base64 -d > ~/.ssh/known_hosts
+ printf "%s" "$SSH_PRIVATE_KEY" | base64 -d > ~/.ssh/id_ed25519
+ chmod 600 ~/.ssh/id_ed25519
+ ssh-keygen -f ~/.ssh/id_ed25519 -y > ~/.ssh/id_ed25519.pub
+ cat ~/.ssh/id_ed25519.pub

- - name: Setup SSH key
- if: forgejo.ref_name == 'production'
- run: |
- mkdir -p .ssh
- echo ${{ secrets.SSH_PRIVATE_KEY_PRODUCTION }} > .ssh/id_ed25519
- chmod 600 .ssh/id_ed25519
- ssh-keygen -f .ssh/id_ed25519 -y > .ssh/id_ed25519.pub
- cat .ssh/id_ed25519.pub
-
- - name: Sync rendered site to staging
- if: forgejo.ref_name == 'staging'
- run: rsync -var -e 'ssh -i .ssh/id_ed25519' ./public/ deploy@www.berlin.ccc.de:srv/http/www-staging/
- continue-on-error: true
- - name: Sync rendered site to production
- if: forgejo.ref_name == 'production'
- run: rsync -var -e 'ssh -i .ssh/id_ed25519' ./public/ deploy@www.berlin.ccc.de:srv/http/www/
- continue-on-error: true
+ - name: Rsync rendered site
+ env:
+ DEPLOY_DIR: ${{ forgejo.ref_name == 'production' && '/srv/http/www/' || '/srv/http/www-staging/' }}
+ run: rsync -var -e 'ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes' ./public/ deploy@www.berlin.ccc.de:$DEPLOY_DIR

 - name: Cleanup
- run: rm -rf .ssh
+ if: ${{ always() }}
+ run: rm -rf ~/.ssh
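Review bot: The `Setup SSH` and `Rsync rendered site` steps no longer carry an `if:`, so any ref other than `production` now receives the staging key and syncs to `/srv/http/www-staging/`, where the old steps ran only for `staging` and `production`. If the `on:` trigger (outside this hunk) can fire for other branches, restore the gate on both steps with `if: forgejo.ref_name == 'production' || forgejo.ref_name == 'staging'`. `${{ secrets.KNOWN_HOSTS }}` is also expanded into the script text, unlike the private key; add `KNOWN_HOSTS: ${{ secrets.KNOWN_HOSTS }}` under `env:` and use `printf "%s" "$KNOWN_HOSTS" | base64 -d`. The key file is created before `chmod 600` runs, so a `umask 077` as the first line of the script would close that window. The rsync target also changed from the relative `srv/http/www/` to the absolute `/srv/http/www/`, which is worth confirming against the deploy user's home directory on the host.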