#!/bin/bash

SSHD_CONFIG=/etc/ssh/sshd_config
CA_FILE=/etc/ssh/trusted-ca.pem
VAULT_CERT="https://vlt.cynarski.dev/v1/ssh-test/public_key"

if !(grep -q "TrustedUserCAKeys" $SSHD_CONFIG); then
     curl -o $CA_FILE $VAULT_CERT
     echo "TrustedUserCAKeys ${CA_FILE}" | tee -a $SSHD_CONFIG
else 
	CA_FILE=$(grep "TrustedUserCAKeys" $SSHD_CONFIG|cut -d' ' -f2)
	echo $CA_FILE
	curl $VAULT_CERT >> $CA_FILE	
fi