diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 0edb738f85..37feec5da2 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -28,19 +28,12 @@ jobs:
 fi
 node --version
 
- - name: Setup SSH for Gitea
+ - name: Get Gitea SSH host key
+ id: ssh-host-key
 shell: bash
 run: |
- mkdir -p ~/.ssh
- ssh-keyscan -H gitea.kindred.internal >> ~/.ssh/known_hosts 2>/dev/null
- chmod 600 ~/.ssh/known_hosts
- # Override SSSD KnownHostsCommand that interferes with SSH
- cat >> ~/.ssh/config << 'EOF'
- Host gitea.kindred.internal
- StrictHostKeyChecking no
- UserKnownHostsFile ~/.ssh/known_hosts
- EOF
- chmod 600 ~/.ssh/config
+ HOST_KEY=$(ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal 2>/dev/null | head -1)
+ echo "host-key=$HOST_KEY" >> $GITHUB_OUTPUT
 
 - name: Checkout repository
 uses: https://code.forgejo.org/actions/checkout@v4
@@ -48,6 +41,8 @@ jobs:
 submodules: recursive
 fetch-depth: 0
 ssh-key: ${{ secrets.DEPLOY_KEY }}
+ ssh-known-hosts: ${{ steps.ssh-host-key.outputs.host-key }}
+ ssh-strict: false
 
 - name: Install pixi if needed
 shell: bash
diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml
index fd2f4fb6ba..658a45f6a1 100644
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -36,19 +36,12 @@ jobs:
 fi
 node --version
 
- - name: Setup SSH for Gitea
+ - name: Get Gitea SSH host key
+ id: ssh-host-key
 shell: bash
 run: |
- mkdir -p ~/.ssh
- ssh-keyscan -H gitea.kindred.internal >> ~/.ssh/known_hosts 2>/dev/null
- chmod 600 ~/.ssh/known_hosts
- # Override SSSD KnownHostsCommand that interferes with SSH
- cat >> ~/.ssh/config << 'EOF'
- Host gitea.kindred.internal
- StrictHostKeyChecking no
- UserKnownHostsFile ~/.ssh/known_hosts
- EOF
- chmod 600 ~/.ssh/config
+ HOST_KEY=$(ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal 2>/dev/null | head -1)
+ echo "host-key=$HOST_KEY" >> $GITHUB_OUTPUT
 
 - name: Checkout repository
 uses: https://code.forgejo.org/actions/checkout@v4
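Review bot: The new `Get Gitea SSH host key` step in build.yml cannot fail and may pin the wrong key: `ssh-keyscan` errors go to `/dev/null`, the pipeline's exit status is `head`'s, so a DNS or network failure leaves `HOST_KEY` empty and the step still succeeds, and `head -1` keeps only whichever of the three key types the server happens to list first, which is not necessarily the algorithm the later `git` client negotiates. Keep every scanned line (the `host-key<<EOF` multiline output syntax handles this), quote `"$GITHUB_OUTPUT"`, and abort the job when the scan returns nothing so the checkout never runs with an empty known-hosts value. The rewritten `run:` script is below; the surrounding step keys are unchanged.
```yaml
        run: |
          HOST_KEYS=$(ssh-keyscan -t ed25519,rsa,ecdsa gitea.kindred.internal 2>/dev/null)
          if [ -z "$HOST_KEYS" ]; then
            echo "ssh-keyscan returned no host keys for gitea.kindred.internal" >&2
            exit 1
          fi
          {
            echo "host-key<<EOF"
            echo "$HOST_KEYS"
            echo "EOF"
          } >> "$GITHUB_OUTPUT"
```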
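Review bot: `ssh-strict: false` on the build.yml checkout step defeats the `ssh-known-hosts` value added one line above it: as I read the checkout action's inputs, a non-strict setting turns host-key verification into a warning only, and public-key authentication with `secrets.DEPLOY_KEY` still proceeds against whatever host answers. The scanned key offers no extra protection either, because it is fetched from the same network path seconds before the clone, so a spoofed `gitea.kindred.internal` passes both checks. Pin the known_hosts line out of band instead, e.g. `ssh-known-hosts: ${{ vars.GITEA_SSH_HOST_KEY }}` (name presumed; a repository variable or secret set once from a trusted `ssh-keyscan`), and drop `ssh-strict: false` so the action's default strict checking applies. If the non-strict flag exists to work around the SSSD `KnownHostsCommand` problem the removed comment mentioned, say so in a comment such as `# ssh-strict false: SSSD KnownHostsCommand on the runner overrides ~/.ssh/known_hosts` so the exception is not silently cargo-culted.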
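Review bot: The release.yml copy of the host-key step has the same silent-failure shape as the build.yml one: `2>/dev/null | head -1` hides scan errors, the step cannot fail, and an empty `HOST_KEY` is written to `$GITHUB_OUTPUT` without complaint, which matters more here because this workflow produces release artifacts. At minimum add `[ -n "$HOST_KEY" ] || { echo "ssh-keyscan failed for gitea.kindred.internal" >&2; exit 1; }` before the `echo`, and quote `"$GITHUB_OUTPUT"`. Since the step is duplicated byte-for-byte across two workflows, consider moving it into a shared composite action so the hardening is applied once.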
@@ -57,6 +50,8 @@ jobs:
 fetch-depth: 0
 fetch-tags: true
 ssh-key: ${{ secrets.DEPLOY_KEY }}
+ ssh-known-hosts: ${{ steps.ssh-host-key.outputs.host-key }}
+ ssh-strict: false
 
 - name: Install pixi if needed
 shell: bash
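Review bot: `ssh-strict: false` here makes the `ssh-known-hosts` pin on the line above advisory only, and in the release workflow that means the tags fetched with `fetch-tags: true` and built into a release come from whichever host answered for `gitea.kindred.internal` at run time. As I read the checkout action's inputs, the default (strict) mode is what actually enforces the known_hosts entry, so remove `ssh-strict: false` and supply a key pinned out of band, e.g. `ssh-known-hosts: ${{ vars.GITEA_SSH_HOST_KEY }}` (variable name presumed), rather than one scanned in the same job. If the non-strict setting is required by the runner's SSSD `KnownHostsCommand` configuration, leave a one-line comment above it stating that, so it is not copied into other workflows as the normal pattern.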