diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7146c1e..b372392 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -15,47 +15,55 @@ on: jobs: deploy: runs-on: ubuntu-latest - environment: SSH-KEY + environment: SSH-KEY # 确保该环境配置了KEY、PASSPHRASE、SERVER_USER、SERVER_ADDRESS等变量 steps: - uses: actions/checkout@v4 - name: 安装依赖工具 - run: sudo apt-get install -y sshpass expect + run: | + # 移除sshpass(不再使用密码登录),保留expect用于处理密钥密码 + sudo apt-get update + sudo apt-get install -y expect + + - name: 配置SSH密钥并启动ssh-agent + run: | + # 创建SSH目录并设置正确权限 + mkdir -p ~/.ssh + chmod 700 ~/.ssh + + # 将GitHub Secrets中的KEY写入私钥文件 + echo "${{ secrets.KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa # SSH密钥必须是600权限,否则会被拒绝 + + # 启动ssh-agent并加载密钥(处理密钥密码) + eval $(ssh-agent -s) + expect -c " + spawn ssh-add ~/.ssh/id_rsa + expect \"Enter passphrase for /home/runner/.ssh/id_rsa:\" + send \"${{ secrets.PASSPHRASE }}\r\" + expect eof + " + + # 禁用StrictHostKeyChecking,避免首次连接的确认提示 + echo "StrictHostKeyChecking no" >> ~/.ssh/config + chmod 600 ~/.ssh/config - name: 执行部署 run: | - sshpass -p "${{ secrets.SERVER_PASSWORD }}" ssh -o StrictHostKeyChecking=no -p 42422 ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_ADDRESS }} ' + # 使用SSH密钥登录服务器,不再需要sshpass + ssh -p 42422 ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_ADDRESS }} ' set -ex echo "=== 部署调试信息开始 ===" echo "测试sudo权限..." + # 注意:这里仍需要服务器用户密码(如果sudo需要),请确保secrets.SERVER_PASSWORD已配置 echo "${{ secrets.SERVER_PASSWORD }}" | sudo -S whoami echo "停止服务..." echo "${{ secrets.SERVER_PASSWORD }}" | sudo -S systemctl stop neobot.service echo "修复文件权限..." echo "${{ secrets.SERVER_PASSWORD }}" | sudo -S chown -R ${{ secrets.SERVER_USER }}:${{ secrets.SERVER_USER }} /home/luoxiaolei/neobot/NeoBot cd /home/luoxiaolei/neobot/NeoBot - echo "配置Git安全目录..." - git config --global --add safe.directory /home/luoxiaolei/neobot/NeoBot - echo "检查Git配置..." - git config --global --list | grep -i "safe.directory" - echo "检查Git远程仓库..." - git remote -v - echo "检查SSH配置..." - echo "当前用户: $(whoami)" - echo "家目录: $HOME" - echo "检查SSH密钥..." 
- ls -la ~/.ssh/ 2>/dev/null || echo "没有SSH目录" - echo "检查SSH代理..." - ssh-add -l 2>/dev/null || echo "SSH代理没有密钥" - echo "测试GitHub SSH连接..." - ssh -T git@github.com 2>&1 || echo "SSH连接测试失败" - echo "拉取最新代码..." - # 设置Git超时时间,并禁用主机密钥检查 - GIT_SSH_COMMAND="ssh -o ConnectTimeout=30 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null" - export GIT_SSH_COMMAND - echo "环境变量 GIT_SSH_COMMAND: $GIT_SSH_COMMAND" - echo "尝试拉取代码(详细模式)..." - GIT_TRACE=1 GIT_SSH_COMMAND="ssh -o ConnectTimeout=30 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null" git pull origin main 2>&1 + echo "拉取最新代码(服务器本地已有GitHub密钥)..." + git pull origin main echo "启动服务..." echo "${{ secrets.SERVER_PASSWORD }}" | sudo -S systemctl start neobot.service echo "检查服务状态..." @@ -63,10 +71,10 @@ jobs: echo "部署完成!" echo "=== 部署调试信息结束 ===" ' - continue-on-error: true + continue-on-error: false # 部署失败时直接终止,便于排查问题 - name: 检查部署状态 if: failure() run: | - echo "部署失败!请检查服务器日志。" + echo "部署失败!请检查服务器日志和Actions执行日志。" exit 1
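Review bot: The ssh-agent started in the 配置SSH密钥并启动ssh-agent step is not visible to the 执行部署 step: `eval $(ssh-agent -s)` only sets `SSH_AUTH_SOCK`/`SSH_AGENT_PID` in that step's shell, so the later `ssh -p 42422 …` runs with no agent and has to open the passphrase-protected `~/.ssh/id_rsa` itself without a TTY; export both variables with `echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"` and the same for `SSH_AGENT_PID`. The passphrase is also spliced verbatim into a Tcl string (`send \"${{ secrets.PASSPHRASE }}\r\"`), where `$`, `[`, `\` or `"` inside the secret break the script or are interpreted, and the `StrictHostKeyChecking no` line appended to `~/.ssh/config` switches host-key verification off for every host the runner contacts, giving up the main benefit of the key-based login. Passing the secrets through the step's `env:` and handing the passphrase to ssh-add via `SSH_ASKPASS` removes the expect dependency, and writing the server's host key into `known_hosts` (from a secret, named `SERVER_HOST_KEY` below as a placeholder) keeps verification on. The rewritten key-setup step is below; the 执行部署 step body continues past the end of the hunk.
```yaml
      - name: 配置SSH密钥并启动ssh-agent
        env:
          SSH_KEY: ${{ secrets.KEY }}
          SSH_PASSPHRASE: ${{ secrets.PASSPHRASE }}
          SERVER_HOST_KEY: ${{ secrets.SERVER_HOST_KEY }}  # placeholder: the server's known_hosts line, stored as a secret
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # write the key from the environment, not from a ${{ }} expansion inside the script text
          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          eval "$(ssh-agent -s)"
          # later steps run in a fresh shell; hand them the agent explicitly
          echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV"
          echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> "$GITHUB_ENV"
          # askpass helper replaces expect: the passphrase never appears in a Tcl or shell string
          cat > "$HOME/.ssh/askpass.sh" <<'EOF'
          #!/bin/sh
          printf '%s\n' "$SSH_PASSPHRASE"
          EOF
          chmod 700 "$HOME/.ssh/askpass.sh"
          SSH_ASKPASS="$HOME/.ssh/askpass.sh" SSH_ASKPASS_REQUIRE=force ssh-add ~/.ssh/id_rsa < /dev/null
          # keep host-key verification on: pin the server's key instead of disabling StrictHostKeyChecking
          printf '%s\n' "$SERVER_HOST_KEY" >> ~/.ssh/known_hosts
          chmod 600 ~/.ssh/known_hosts
```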