diff --git a/roles/upload-git-mirror/README.rst b/roles/upload-git-mirror/README.rst index bc24cdf5e..2bb7f8ae1 100644 --- a/roles/upload-git-mirror/README.rst +++ b/roles/upload-git-mirror/README.rst @@ -20,11 +20,16 @@ superuser privileges to run. SSH host for the remote git repository - .. zuul:rolevar:: key + .. zuul:rolevar:: ssh_key Literal private key contents. Should start with something like ``-----BEGIN RSA PRIVATE KEY-----``. + .. zuul:rolevar:: host_key + + SSH host key of the remote git server. + Can be obtained with ``ssh-keyscan -H ``. + .. zuul:rolevar:: git_mirror_repository Path of the remote git repository diff --git a/roles/upload-git-mirror/defaults/main.yaml b/roles/upload-git-mirror/defaults/main.yaml index 84eb22142..145f0fd5b 100644 --- a/roles/upload-git-mirror/defaults/main.yaml +++ b/roles/upload-git-mirror/defaults/main.yaml @@ -3,7 +3,8 @@ # git_mirror_credentials: # user: # host: -# key: +# ssh_key: +# host_key: # Repository to replicate to # git_mirror_repository: diff --git a/roles/upload-git-mirror/tasks/main.yaml b/roles/upload-git-mirror/tasks/main.yaml index 06cbb00e8..4c3ee9203 100644 --- a/roles/upload-git-mirror/tasks/main.yaml +++ b/roles/upload-git-mirror/tasks/main.yaml @@ -6,7 +6,7 @@ - name: Set up private key copy: - content: "{{ git_mirror_credentials.key }}" + content: "{{ git_mirror_credentials.ssh_key }}" dest: "{{ ssh_private_key_tmp.path }}" mode: 0600 @@ -26,6 +26,12 @@ mode: 0600 block: "{{ ssh_config }}" + - name: Add host key to known hosts + known_hosts: + state: present + name: "{{ git_mirror_credentials.host }}" + key: "{{ git_mirror_credentials.host_key }}" + - name: Mirror the git repository command: git push --mirror {{ git_mirror_credentials.user }}@{{ git_mirror_credentials.host }}:{{ git_mirror_repository }} args: 
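Review bot: The new `Add host key to known hosts` task in tasks/main.yaml only pins the server if the SSH client is told to enforce the pin, and the `ssh_config` block that decides this is rendered outside the hunk. If that block sets `StrictHostKeyChecking no` or points `UserKnownHostsFile` somewhere else, the push will still accept an unexpected key, so it is worth confirming the block carries `StrictHostKeyChecking yes`. The value of `host_key` is also only as trustworthy as its source: the README.rst and zuul.yaml hunks recommend `ssh-keyscan -H`, which does not authenticate the server. I would add a sentence there such as `Verify the fingerprint against one published by the server operator before storing it.` The task list starts before and continues after this hunk.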
@@ -45,3 +51,10 @@ mode: 0600 block: "{{ ssh_config }}" register: git_mirror_ssh_config_removed + + - name: Remove host key from known hosts + known_hosts: + state: absent + name: "{{ git_mirror_credentials.host }}" + key: "{{ git_mirror_credentials.host_key }}" + register: git_mirror_host_key_removed diff --git a/zuul.yaml b/zuul.yaml index 4a6683e82..e40dc09d0 100644 --- a/zuul.yaml +++ b/zuul.yaml @@ -68,11 +68,16 @@ SSH host for the remote git repository - .. zuul:jobvar:: key + .. zuul:jobvar:: ssh_key Literal private key contents. Should start with something like ``-----BEGIN RSA PRIVATE KEY-----``. + .. zuul:jobvar:: host_key + + SSH host key of the remote git server. + Can be obtained with ``ssh-keyscan -H ``. + .. zuul:jobvar:: git_mirror_repository Path of the remote git repository
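Review bot: The `Remove host key from known hosts` cleanup in tasks/main.yaml edits the same default known_hosts file the add task wrote to, so on a long-lived node it may delete an entry for `git_mirror_credentials.host` that existed before the role ran. As far as I know the module removes entries by host name when `state: absent`, which should be confirmed. Writing the pin to a temporary file instead, with `path:` on both `known_hosts` tasks and a matching `UserKnownHostsFile` in the generated ssh config, would keep the role away from the user's own file, the same way the private key already goes to `ssh_private_key_tmp.path`. `git_mirror_host_key_removed` is registered but not used in the visible lines, and the hunk does not show whether this task sits in an `always:` section that runs when the push fails.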