VM. "vagrant ssh" is then a simple wrapper around ssh to use the right
key, username and IP address etc.
-We can borrow some of the same setup for the runtime VM. When starting
-it from inside the toolchain VM, we can copy the SSH public key into
-the shared data directory /vagrant. We can set up port forwarding
-within the toolchain VM too, and expose that in the
-Vagrantfile. Arbitrarily, let's use port 2223 for the ssh connection
-to the runtime VM. That will give us the following port usage:
+To enable consistent-ish access to the toolchain VM and the runtime
+VM, I first tried to set up extra forwarding at the Virtualbox layer:
HOST TOOLCHAIN VM RUNTIME VM
2222 <-> 22 ---
2223 <-> 2222 <-> 22
-It's worth adding a single wrapper script to make the ssh calls more
-consistent, rather than "vagrant ssh" for the toolchain VM and
-something different / more complicated for the runtime VM.
+... but that did not work - connections from to port 2223 on the host
+would fail with very little diagnostics available. In the end, I went
+with using the toolchain VM as a proxy or "jump host". This involves
+adding some extra ssh configuration. As I was already thinking about
+adding an extra wrapper script to help with consistent access
+*anyway*, this is not too difficult to set up.
+
+To make authentication work in both VMs, we use the same SSH
+keypair. When starting the runtime VM inside the toolchain VM, we
+simply copy the SSH public key into the shared data directory
+/vagrant/runtime. The runtime VM is configured to use that location
+for the authorized_keys file - see below. The local ssh config we're
+using specifies the same private key for both. Easy!
+
+The provided script "vm_ssh" does the right thing on Linux (and
+MacOS).
+
+************************************
+We may need a tweaked equivalent "vm_ssh.bat" for Windows to use the
+right style of file name, let's see
+************************************
Data access
-----------
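Review bot: the added authentication paragraph says the SSH public key is copied into the shared directory /vagrant/runtime and that the runtime VM uses that location for authorized_keys, but it does not say who can write to that directory. Anything that can write there can add a key the runtime VM will accept, and the same keypair already unlocks both VMs, so the text should either state that this is a development-only arrangement or describe the permissions expected on the shared folder. Two smaller points in the same hunk: "connections from to port 2223" has a stray word, and the asterisk-boxed note about "vm_ssh.bat" that ends in "let's see" is an open TODO that should be resolved or tracked elsewhere before this lands in the documentation.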
--- /dev/null
+Host toolchain_vm
+ Hostname 127.0.0.1
+ Port 2222
+ User vagrant
+ IdentityFile .vagrant/machines/default/virtualbox/private_key
+ Compression yes
+ LogLevel FATAL
+ IdentitiesOnly yes
+ StrictHostKeyChecking no
+ UserKnownHostsFile /dev/null
+
+Host runtime_vm
+ Hostname 127.0.0.1
+ Port 2222
+ User vagrant
+ IdentityFile .vagrant/machines/default/virtualbox/private_key
+ Compression yes
+ LogLevel FATAL
+ IdentitiesOnly yes
+ StrictHostKeyChecking no
+ UserKnownHostsFile /dev/null
+ ProxyJump toolchain_vm
\ No newline at end of file
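Review bot: both Host blocks set "StrictHostKeyChecking no" together with "UserKnownHostsFile /dev/null", so neither the hop to toolchain_vm nor the hop through ProxyJump to runtime_vm verifies a host key. If that is deliberate because both targets are loopback forwards, say so in a comment at the top of the file; otherwise point UserKnownHostsFile at a project-local file so a changed key is at least noticed. "LogLevel FATAL" on both hosts also suppresses ssh's own error output, which sits awkwardly with the documentation's complaint about "very little diagnostics available"; consider leaving it off for runtime_vm or having the wrapper script pass a verbosity option through. The IdentityFile value ".vagrant/machines/default/virtualbox/private_key" is a relative path, so the config depends on the directory ssh is started from; the wrapper should change to the project root first or the documentation should state the requirement. The two blocks differ only in the ProxyJump line, so the shared options could be stated once. The file is also missing its trailing newline.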