diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index c54b90c..2400edd 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -653,13 +653,14 @@ in
       </runcommand>
       <runcommand>
         job = web:web:web-intl
-        command = [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ] && export HOME=`mktemp -d` && \
-          mkdir $HOME/.ssh && \
-          cp /opt/hydra_id_ed25519 $HOME/.ssh/id_ed25519 && \
-          cp /opt/hydra_id_ed25519.pub $HOME/.ssh/id_ed25519.pub && \
-          echo "5.78.86.156 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMbV69aqkHdQ1T5lMuALyHjNowU1rottZtEV4OhKQ6Y" > $HOME/.ssh/known_hosts && \
-          chmod 600 $HOME/.ssh/id_ed25519 && \
-          ${pkgs.rsync}/bin/rsync -r -c $(jq -r '.outputs[0].path' < $HYDRA_JSON) zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
+        command = [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ] && export TMPSSH=`mktemp -d` && \
+          trap "rm -rf ${TMPSSH@Q}" EXIT && \
+          mkdir $TMPSSH/.ssh && \
+          cp /opt/hydra_id_ed25519 $TMPSSH/.ssh/id_ed25519 && \
+          cp /opt/hydra_id_ed25519.pub $TMPSSH/.ssh/id_ed25519.pub && \
+          echo "5.78.86.156 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMbV69aqkHdQ1T5lMuALyHjNowU1rottZtEV4OhKQ6Y" > $TMPSSH/.ssh/known_hosts && \
+          chmod 600 $TMPSSH/.ssh/id_ed25519 && \
+          ${pkgs.rsync}/bin/rsync -r -e "${pkgs.openssh}/bin/ssh -i $TMPSSH/.ssh/id_ed25519 -o UserKnownHostsFile=$TMPSSH/.ssh/known_hosts -o IdentitiesOnly=yes" -c $(jq -r '.outputs[0].path' < $HYDRA_JSON)/ zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
       </runcommand>
       <runcommand>
         job = web:web:nmigen-docs