Alternate setup for SSH login forwarding to gitea container

I do have an alternate setup allowing me to

  • run gitea within a container not exposed to the outside
  • forward ssh connections of gitea@host to the container

One advantage of my setup (M) over (S) is this:

  • (S) copies the authorized_keys from the container to the host
  • assume someone could hack gitea, then it is quite easy for him/her to get access to the host
  • (M) creates a more controlled version of the authorized_keys on the host
  • hacked authorized_keys within the container typically lead to get access to the container

I can describe the setup in case there is any interest.

Best regards, Uli