diff --git a/roles/backup/tasks/borgcontroller.yml b/roles/backup/tasks/borgcontroller.yml
index 5a3a859..a08392e 100644
--- a/roles/backup/tasks/borgcontroller.yml
+++ b/roles/backup/tasks/borgcontroller.yml
@@ -87,4 +87,42 @@
 - name: Build borg SSH URI
 ansible.builtin.set_fact:
- borgcontroller_repo_uri: "ssh://{{ _bc_repo.repository }}@{{ _bc_config.json.borgSshHost.split('@')[1] }}/./repos"
+ borgcontroller_repo_uri: "ssh://{{ _bc_config.json.borgSshHost }}/./{{ _bc_repo.id }}"
+ _bc_borg_host: "{{ _bc_config.json.borgSshHost.split('@')[1].split(':')[0] }}"
+ _bc_borg_port: "{{ _bc_config.json.borgSshHost.split('@')[1].split(':')[1] | default('22') }}"
+
+- name: Ensure /root/.ssh exists
+ ansible.builtin.file:
+ path: /root/.ssh
+ state: directory
+ owner: root
+ group: root
+ mode: '0700'
+
+- name: Scan borg server SSH host key
+ ansible.builtin.command: ssh-keyscan -p {{ _bc_borg_port }} {{ _bc_borg_host }}
+ register: _bc_keyscan
+ changed_when: false
+ check_mode: false
+
+- name: Trust borg server SSH host key (root known_hosts)
+ ansible.builtin.lineinfile:
+ path: /root/.ssh/known_hosts
+ line: "{{ item }}"
+ create: true
+ owner: root
+ group: root
+ mode: '0600'
+ loop: "{{ _bc_keyscan.stdout_lines }}"
+ when:
+ - item | length > 0
+ - not item.startswith('#')
+
+- name: Initialize borg repository (no-op if already initialized)
+ ansible.builtin.command:
+ cmd: borg init --encryption=none {{ borgcontroller_repo_uri }}
+ register: _borg_init
+ changed_when: _borg_init.rc == 0
+ failed_when:
+ - _borg_init.rc != 0
+ - "'already exists' not in (_borg_init.stderr | default(''))"
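Review bot: The `Scan borg server SSH host key` / `Trust borg server SSH host key` pair writes whatever `ssh-keyscan` returns into `/root/.ssh/known_hosts` on every run, so the key is never verified and a changed or intercepted key is appended and trusted without anyone noticing. Pin the expected key out of band and install it with `ansible.builtin.known_hosts`, as sketched below; for a non-default port the entry has to use the `[host]:port` form. Separately, `borg init --encryption=none` creates a repository with neither encryption nor authentication of the stored data, so the remote host and anyone with access to it can read or alter backups; `--encryption=repokey-blake2` with a vaulted passphrase would close that. `_bc_config` and `_bc_repo` are set outside this hunk, so whether `borgSshHost` always contains a `user@` part (the `split('@')[1]` assumes it) cannot be checked here.

```yaml
# … unchanged: set_fact and /root/.ssh directory tasks …
# replaces the ssh-keyscan and lineinfile tasks
- name: Trust borg server SSH host key (root known_hosts)
  ansible.builtin.known_hosts:
    path: /root/.ssh/known_hosts
    name: "{{ _bc_borg_host }}"
    # PLACEHOLDER variable: known_hosts line verified out of band
    key: "{{ borgcontroller_pinned_host_key }}"
    state: present
# … unchanged: borg init task …
```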