0.0.14

Catch edge case where an ARN isn't an ARN..

0.0.13

Add 150s clock sway for token validation and clearer logging

0.0.12

Token time should be int not float

0.0.11

Certificate Options are now supported per-host. The Authoriser Lambda can return options for each Jumpbox object returned by using the CertificateOptions type provided. Currently supports:

• force-command
• source-address
• permit-X11-forwarding
• permit-agent-forwarding
• permit-port-forwarding

0.0.10

• Allow <account-id>:alias/MyAlias KMS key alias format
• Work for users whose homedir isn't /Users/aidan - oops.
• Fixed generated SSH config
• Stores generated files in a per-conn directory so that multiple connections can be opened simultaneously

0.0.9

• Fixed a bug in the Lambda wherein the fallback HostKeyAlias wouldn't be set for custom authorisers that leave it out.

0.0.8

• More user-friendly error messages during first-time user experience
• Show the setup flow for Windows users who double-click the client exe
• Switch to a CLI input library that plays nicely on Windows (arrow keys now work 🎉 )

0.0.7

• Added MFA support
• Added transparent execution (e.g. ssh ec2-user@<instance arn>)
• Very basic setup subcommand
• Can store Lambda and KMS key ARNs in ~/.lkp/config.yml

0.0.6

• Now supports sending the target instance IP to the client (closes #15)

0.0.5

• Passphrase-protected SSH keys are now supported
• Complete support for chained jumpboxes
• Added example SSH bastion CloudFormation template
• KMS key policy example uses kms:CallerAccount condition key so that any principals in any whitelisted can create tokens (part of ongoing #28)
• Custom authoriser "Principals" response property is now optional for user cert requests
• Smaller Mac binaries
• Added a few sensible defaults around the place