diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
index e15b6bc..72307a2 100644
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@@ -40,9 +40,18 @@ jobs:
           : "${SERVICE_HOST:?Missing secret SERVICE_HOST}"
           : "${SERVICE_SSH_KEY:?Missing secret SERVICE_SSH_KEY}"
 
+          SERVICE_IP="$(getent ahostsv4 "$SERVICE_HOST" | awk '{print $1; exit}')"
+          if [[ -z "${SERVICE_IP}" ]]; then
+            echo "ERROR: Could not resolve IPv4 for $SERVICE_HOST" >&2
+            getent hosts "$SERVICE_HOST" || true
+            exit 1
+          fi
+
+          echo "Resolved IPv4: $SERVICE_HOST -> $SERVICE_IP"
+
           echo "Checking TCP/22 reachability..."
-          timeout 5 bash -lc "</dev/tcp/$SERVICE_HOST/22" || {
-            echo "ERROR: Cannot reach $SERVICE_HOST:22 from runner container" >&2
+          timeout 5 bash -lc "</dev/tcp/$SERVICE_IP/22" || {
+            echo "ERROR: Cannot reach $SERVICE_HOST ($SERVICE_IP):22 from runner container" >&2
             exit 1
           }
 
@@ -51,8 +60,8 @@ jobs:
           chmod 600 ~/.ssh/id_ed25519
 
           echo "Fetching host key (ssh-keyscan)..."
-          ssh-keyscan -T 5 -H "$SERVICE_HOST" >> ~/.ssh/known_hosts || {
-            echo "ERROR: ssh-keyscan failed for $SERVICE_HOST" >&2
+          ssh-keyscan -4 -T 5 -H "$SERVICE_HOST" "$SERVICE_IP" >> ~/.ssh/known_hosts || {
+            echo "ERROR: ssh-keyscan failed for $SERVICE_HOST ($SERVICE_IP)" >&2
             exit 1
           }