diff --git a/.github/actions/deploy-to-ec2/action.yml b/.github/actions/deploy-to-ec2/action.yml index 16def30..f82ad30 100644 --- a/.github/actions/deploy-to-ec2/action.yml +++ b/.github/actions/deploy-to-ec2/action.yml @@ -8,6 +8,9 @@ inputs: host: required: true description: SSH host + ssh-host-key: + required: true + description: SSH host public key for strict host verification username: required: true description: SSH username @@ -30,7 +33,7 @@ runs: _REMOTE_COMMAND: ${{ inputs.remote-command }} run: | missing=() - for var in _SSH_PRIVATE_KEY _HOST _USERNAME _REMOTE_COMMAND; do + for var in _SSH_PRIVATE_KEY _HOST _SSH_HOST_KEY _USERNAME _REMOTE_COMMAND; do if [ -z "${!var}" ]; then missing+=("${var#_}") fi @@ -47,7 +50,7 @@ runs: mkdir -p ~/.ssh echo "${{ inputs.ssh-private-key }}" > ~/.ssh/deploy_key chmod 600 ~/.ssh/deploy_key - ssh-keyscan -H "${{ inputs.host }}" >> ~/.ssh/known_hosts 2>/dev/null + echo "${{ inputs.host }} ${{ inputs.ssh-host-key }}" >> ~/.ssh/known_hosts - name: 파일 업로드 if: ${{ inputs.files != '' }} diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index c37b627..8147a00 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -59,6 +59,7 @@ jobs: with: ssh-private-key: ${{ secrets.EC2_SSH_PRIVATE_KEY }} host: ${{ vars.EC2_HOST }} + ssh-host-key: ${{ vars.EC2_HOST_KEY }} username: ${{ vars.EC2_USERNAME }} files: deploy/deploy.sh deploy/secrets.env build/libs/sofia-${{ steps.version.outputs.version }}.jar remote-command: "/app/deploy.sh '/app/sofia-${{ steps.version.outputs.version }}.jar'" diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml index d5b8739..587bbb5 100644 --- a/.github/workflows/init.yml +++ b/.github/workflows/init.yml 
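Review bot: The `ssh-host-key` description does not say which form the value must take, and the `known_hosts` hunk later in this file prepends `inputs.host` itself, so a value that already carries a hostname field produces a line ssh will not accept as a valid key entry. `save_host_key` in deploy/init.sh stores raw `ssh-keyscan` output, which begins with `localhost`, so pasting that file verbatim into the variable would hit exactly this. I would spell the contract out: `description: SSH host public key as "<key-type> <base64-key>", without a hostname field; used for strict host verification`.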
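Review bot: `_SSH_HOST_KEY` joins the validation loop, but no hunk in this diff adds a matching `_SSH_HOST_KEY:` entry to this step's `env:` block, of which only the `_REMOTE_COMMAND` line is visible as context. If the mapping really is absent, `${!var}` expands to empty and `SSH_HOST_KEY` lands in `missing` on every run, even when the caller supplies the input. Adding `_SSH_HOST_KEY: ${{ inputs.ssh-host-key }}` next to the other entries would make the check meaningful. The `env:` block starts above the hunk, so this is inferred from the absence of a change there.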
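Review bot: The new `known_hosts` line pastes `${{ inputs.host }}` and `${{ inputs.ssh-host-key }}` into the script text before bash parses it, so a quote, command substitution or newline in either value is treated as shell syntax rather than data. The validation step already passes inputs through `env:`, and doing the same here keeps the values inert: add `_HOST: ${{ inputs.host }}` and `_SSH_HOST_KEY: ${{ inputs.ssh-host-key }}` under this step's `env:` and write `printf '%s %s\n' "$_HOST" "$_SSH_HOST_KEY" >> ~/.ssh/known_hosts`. The unchanged `echo "${{ inputs.ssh-private-key }}"` context line has the same shape. The step header is outside the hunk, so whether it already has an `env:` block cannot be seen here.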
@@ -31,6 +31,7 @@ jobs: with: ssh-private-key: ${{ secrets.EC2_SSH_PRIVATE_KEY }} host: ${{ vars.EC2_HOST }} + ssh-host-key: ${{ vars.EC2_HOST_KEY }} username: ${{ vars.EC2_USERNAME }} files: deploy/init.sh deploy/nginx-sofia.conf deploy/cert.pem deploy/key.pem remote-command: "bash /app/init.sh" diff --git a/deploy/init.sh b/deploy/init.sh index c4f2b9f..c238394 100755 --- a/deploy/init.sh +++ b/deploy/init.sh @@ -24,7 +24,14 @@ install_and_configure_nginx() { sudo systemctl enable --now nginx } +save_host_key() { + echo "Saving host key..." + ssh-keyscan -t ed25519 localhost > /app/host_key 2>/dev/null + echo "Host key saved to /app/host_key" +} + # --- Main --- install_jdk install_and_configure_nginx +save_host_key echo "Done." diff --git a/gradle.properties b/gradle.properties index 1fda163..6600801 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,5 +1,5 @@ org.gradle.console=plain org.gradle.logging.level=quiet org.gradle.warning.mode=summary -ywcheong.sofia.version=26b.04.01.2 +ywcheong.sofia.version=26b.04.01.3 ywcheong.sofia.jdk_version=21 \ No newline at end of file
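Review bot: Requiring `ssh-host-key` in the init workflow creates a bootstrap gap, because the key is first written to `/app/host_key` by `init.sh`, which this same workflow is what runs. For the very first run, `EC2_HOST_KEY` has to come from a channel that does not depend on the SSH session being verified (for example the instance's console output). Otherwise the pin only records whichever endpoint answered first. A comment above the `with:` block would make that explicit: `# EC2_HOST_KEY must be set before the first run; obtain it out of band, not via ssh-keyscan from the runner`.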
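Review bot: `save_host_key` prints "Host key saved" even when `ssh-keyscan` produced nothing, because stderr is discarded and the result is never checked, so an empty `/app/host_key` could be copied into `EC2_HOST_KEY` unnoticed. On a default OpenSSH install, reading the public key file avoids the dependency on sshd answering on the default port: `cut -d' ' -f1,2 /etc/ssh/ssh_host_ed25519_key.pub > /app/host_key`, followed by `[ -s /app/host_key ] || { echo "host key not found" >&2; return 1; }`. That also yields the `<key-type> <base64-key>` form without the leading `localhost` field that keyscan emits. Whether the script runs under `set -e` is not visible in this hunk.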