diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5ebc0e1..131ddec 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -52,22 +52,24 @@ deploy:
   image: alpine:latest
   stage: deploy
   rules:
-    - if: $CI_COMMIT_REF_NAME == "master"
+    - if: '$CI_COMMIT_REF_NAME == "master"'
   variables:
     SSH_HOST: "prod-team-15-2pc0i3lc.final.prodcontest.ru"
     SSH_USER: "ubuntu"
-    SSH_ADDRESS: $SSH_USER@$SSH_HOST
+    SSH_ADDRESS: "$SSH_USER@$SSH_HOST"
     SSH_PRIVATE_KEY_BASE64: "$ENV_PRIVATE_KEY_BASE64"
   before_script:
     - apk add --no-cache openssh-client
   script:
-    - mkdir -p ~/.ssh
-    - echo "$SSH_PRIVATE_KEY_BASE64" | base64 -d > ~/.ssh/id_rsa
+    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
+    - printf "%s" "$SSH_PRIVATE_KEY_BASE64" | base64 -d -i > ~/.ssh/id_rsa
     - chmod 600 ~/.ssh/id_rsa
-    - scp -o StrictHostKeyChecking=no -r infrastructure/ compose.yaml ${SSH_USER}@${SSH_HOST}:~/deploy/
-    - ssh -o StrictHostKeyChecking=no ${SSH_USER}@${SSH_HOST} "
-      cd ~/deploy &&
-      docker compose pull &&
-      docker compose down &&
-      docker compose up -d --remove-orphans
-      "
+    - ssh-keyscan -H "$SSH_HOST" >> ~/.ssh/known_hosts
+    - scp -C -r infrastructure/ compose.yaml "$SSH_ADDRESS":~/deploy/
+    - ssh "$SSH_ADDRESS" << 'EOF'
+        set -e
+        cd ~/deploy
+        docker compose pull
+        docker compose down
+        docker compose up -d --remove-orphans
+      EOF