diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8ee438ad33..710b86cac5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1639,6 +1639,31 @@ release:
       - bind-${CI_COMMIT_TAG}-release
     expire_in: "1 month"
 
+.signer-ssh-job: &signer_ssh_job
+  stage: release
+  when: manual
+  allow_failure: false
+  tags:
+    - signer
+  script:
+    - ( rm -f "/tmp/${CI_JOB_NAME}.log" "/tmp/${CI_JOB_NAME}-done" && umask 111 && touch "/tmp/${CI_JOB_NAME}.log" "/tmp/${CI_JOB_NAME}-done" )
+    - |
+      cat > "/tmp/${CI_JOB_NAME}.sh" <<EOF
+      #!/bin/sh
+      set -e -x
+      {
+        ${SSH_SCRIPT_CLIENT}
+        echo "${CI_COMMIT_TAG}" > "/tmp/${CI_JOB_NAME}-done"
+      } 2>&1 | tee "/tmp/${CI_JOB_NAME}.log"
+      EOF
+    - chmod +x "/tmp/${CI_JOB_NAME}.sh"
+    - /bin/sh -c "set -e -x; ${SSH_SCRIPT_RUNNER_PRE}"
+    - echo -e "\e[31m*** Sleeping until /tmp/${CI_JOB_NAME}.sh is executed over SSH... ⌛\e[0m"
+    - while [ "$(cat "/tmp/${CI_JOB_NAME}-done")" != "${CI_COMMIT_TAG}" ]; do sleep 10; done
+    - /bin/sh -c "set -e -x; ${SSH_SCRIPT_RUNNER_POST}"
+    - cp "/tmp/${CI_JOB_NAME}.log" "${CI_PROJECT_DIR}/${CI_JOB_NAME}-${CI_COMMIT_TAG}.log"
+    - rm -f "/tmp/${CI_JOB_NAME}.log" "/tmp/${CI_JOB_NAME}-done" "/tmp/${CI_JOB_NAME}.sh"
+
 # Job signing the source tarballs in the release directory
 
 sign: