diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index b76b98b..cbf8edc 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -119,6 +119,27 @@ jobs:
             echo "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts
             chmod 600 ~/.ssh/known_hosts
           fi
+      - name: Test SSH password login
+        env:
+          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
+          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
+          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
+          DEPLOY_PASSWORD: ${{ secrets.DEPLOY_PASSWORD }}
+          SSHPASS: ${{ secrets.DEPLOY_PASSWORD }}
+        run: |
+          if [ -z "$DEPLOY_PASSWORD" ]; then
+            echo "DEPLOY_PASSWORD secret is empty."
+            exit 1
+          fi
+          sshpass -e ssh \
+            -p "${DEPLOY_PORT:-22}" \
+            -o StrictHostKeyChecking=no \
+            -o UserKnownHostsFile=/dev/null \
+            -o PreferredAuthentications=password \
+            -o PubkeyAuthentication=no \
+            -o NumberOfPasswordPrompts=1 \
+            "${DEPLOY_USER}@${DEPLOY_HOST}" \
+            "echo SSH connection ok"
       - name: Deploy files with rsync over SSH
         env:
           DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
@@ -133,8 +154,8 @@ jobs:
             exit 1
           fi
           mkdir -p ~/.ssh
-          rsync -az --delete \
-            -e "sshpass -e ssh -p ${DEPLOY_PORT:-22} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" \
+          sshpass -e rsync -az --delete \
+            -e "ssh -p ${DEPLOY_PORT:-22} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o PreferredAuthentications=password -o PubkeyAuthentication=no -o NumberOfPasswordPrompts=1" \
             --exclude='.env' \
             --exclude='storage/' \
             --exclude='storage/logs/*' \
@@ -164,6 +185,9 @@ jobs:
             -p "${DEPLOY_PORT:-22}" \
             -o StrictHostKeyChecking=no \
             -o UserKnownHostsFile=/dev/null \
+            -o PreferredAuthentications=password \
+            -o PubkeyAuthentication=no \
+            -o NumberOfPasswordPrompts=1 \
             "${DEPLOY_USER}@${DEPLOY_HOST}" \
             "mkdir -p \"${DEPLOY_PATH}\" && cat > \"${DEPLOY_PATH}/.env\" && chmod 600 \"${DEPLOY_PATH}/.env\""
       - name: Run post-deploy Laravel commands
@@ -183,6 +207,9 @@ jobs:
             -p "${DEPLOY_PORT:-22}" \
             -o StrictHostKeyChecking=no \
             -o UserKnownHostsFile=/dev/null \
+            -o PreferredAuthentications=password \
+            -o PubkeyAuthentication=no \
+            -o NumberOfPasswordPrompts=1 \
             "${DEPLOY_USER}@${DEPLOY_HOST}" \
             "cd ${DEPLOY_PATH} && mkdir -p storage/framework/cache/data storage/framework/sessions storage/framework/views storage/logs bootstrap/cache && chmod -R ug+rw storage bootstrap/cache && php artisan optimize:clear && php artisan config:cache && php artisan route:cache && php artisan view:cache"
 # Required repository secrets: