How to set up an SFTP server with RSA public key authentication

Why SFTP over FTP? The reason is in the name: the “S” stands for security. SFTP runs over SSH, which uses a client-server model to authenticate the two parties and encrypt the data between them. This post walks through setting up SFTP authentication with public key cryptography on CentOS 6.9. Let’s get started!

1. Make sure ssh and ssh-server are installed

user@localhost:$which ssh

2. Create a new user and a new group on the server

To keep permission management simple and clear, create a separate group for SFTP and add the corresponding user to it, using the following groupadd and useradd commands as root:

user@localhost:$sudo groupadd sftp_users 
user@localhost:$sudo useradd sftp_user1 
user@localhost:$sudo passwd sftp_user1
user@localhost:$sudo usermod -G sftp_users sftp_user1

3. Generate RSA public and private key

Let’s recall how public key cryptography works; see this link for details. In short, SSH key pairs can be used to authenticate a client to a server. The client creates a key pair and then uploads the public key to any remote server it wishes to access. The public key is placed in a file called authorized_keys within the ~/.ssh directory in the user account’s home directory on the remote server.

On a *nix-based OS, you can use ssh-keygen to generate the keys as described below. On Windows, you can use PuTTY; refer to this article for how to generate them.

user@localhost:$ssh-keygen -t rsa -f sftp_rsa

Then copy the public key to the ~/.ssh folder on the server (in the home directory of the user who will be authenticated).

user@localhost:$cd /home/sftp_user1/ 
user@localhost:$mkdir .ssh # In case of no .ssh folder inside
user@localhost:$ls -a
user@localhost:$cd .ssh # <= Copy the public key to this folder

4. Correct permissions and owner

user@localhost:$cd /home/sftp_user1/
user@localhost:$chmod 700 .ssh 
user@localhost:$chown sftp_user1:sftp_user1 .ssh 
user@localhost:$cd .ssh
user@localhost:$mv sftp_rsa.pub authorized_keys # The public key copied here in step 3
user@localhost:$chmod 600 authorized_keys
user@localhost:$chown sftp_user1:sftp_user1 authorized_keys

5. Change SSH configurations

user@localhost:$vi /etc/ssh/sshd_config

Check the following configurations (uncomment these settings by removing # if needed):

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no

6. Restart the service

 user@localhost:$service sshd restart

Now you can check if it works by using any program that supports SFTP.
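Steps 4 and 5 can be checked mechanically. The script below is an added example, not part of the original post: it reads the effective PubkeyAuthentication and PasswordAuthentication values from an sshd_config file and verifies the mode and owner of .ssh and authorized_keys. The function names and the throwaway fixture are constructed for illustration, and stat -c assumes GNU coreutils, as on CentOS.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, fixture data is constructed.

# Effective global value of an sshd_config keyword: the first uncommented
# occurrence wins, keywords are case-insensitive, and the scan stops at the
# first Match block because settings there are conditional.
sshd_effective() {  # usage: sshd_effective <file> <keyword> <default>
  awk -v k="$2" -v d="$3" '
    $1 ~ /^#/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(k) { v = $2; exit }
    END { print (v == "" ? d : v) }' "$1"
}

# With StrictModes (the default) sshd ignores authorized_keys when the file
# or its directory has loose permissions or the wrong owner.
check_path() {  # usage: check_path <path> <octal-mode> <uid>
  [ "$(stat -c '%a %u' "$1" 2>/dev/null)" = "$2 $3" ]
}

audit_sftp_setup() {  # usage: audit_sftp_setup <sshd_config> <home> <uid>
  local cfg="$1" home="$2" uid="$3" fail=0
  [ "$(sshd_effective "$cfg" PubkeyAuthentication yes)" = yes ] ||
    { echo "FAIL: PubkeyAuthentication is not yes"; fail=1; }
  [ "$(sshd_effective "$cfg" PasswordAuthentication yes)" = no ] ||
    { echo "FAIL: PasswordAuthentication is not no"; fail=1; }
  check_path "$home/.ssh" 700 "$uid" ||
    { echo "FAIL: $home/.ssh is not mode 700 owned by uid $uid"; fail=1; }
  check_path "$home/.ssh/authorized_keys" 600 "$uid" ||
    { echo "FAIL: authorized_keys is not mode 600 owned by uid $uid"; fail=1; }
  return "$fail"
}

# Constructed fixture: a throwaway home directory and config, not system files.
make_fixture() {  # usage: make_fixture <empty-dir>
  mkdir -p "$1/home/.ssh" && chmod 700 "$1/home/.ssh"
  : > "$1/home/.ssh/authorized_keys" && chmod 600 "$1/home/.ssh/authorized_keys"
  printf '%s\n' '#PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    'AuthorizedKeysFile .ssh/authorized_keys' 'PasswordAuthentication no' \
    > "$1/sshd_config"
}

demo=$(mktemp -d)
make_fixture "$demo"
audit_sftp_setup "$demo/sshd_config" "$demo/home" "$(id -u)" && echo "PASS"
rm -rf "$demo"
```

On the server itself the call would be audit_sftp_setup /etc/ssh/sshd_config /home/sftp_user1 "$(id -u sftp_user1)", run as root so that both paths are readable.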

How to access the web server in VMware Fusion on its host machine

Currently, I am in a team developing a web application that supports IEs. My development environment runs under CentOS.

Some UI problems appear on IE but not on other browsers. This means I need to reproduce those problems in my development environment to confirm that my issues are fixed. I tried to install IE on CentOS using Wine, but it doesn’t work properly.

So I wondered whether I could access the web server on the virtual machine from its host.

Below are the steps I took to make it work.

1. Set the Virtual Machine’s Network Adapter to Bridged:


2. Get the IPv4 address of the virtual machine using the command below in Terminal:

eth1 Link encap:Ethernet HWaddr 00:0C:29:11:C1:E8 
inet addr: Bcast: Mask:
inet6 addr: fe80::20c:29ff:fe11:c1e8/64 Scope:Link
RX packets:536823 errors:0 dropped:0 overruns:0 frame:0
TX packets:241377 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000 
RX bytes:537011299 (512.1 MiB) TX bytes:27427710 (26.1 MiB)

Now you can browse your VM’s localhost from outside the virtual machine (on your host machine) by replacing “localhost” with the IPv4 address from step 2.

How I set up my Terminal on Linux

Today I got a new computer at my company, so I have to set it up to make myself comfortable.

This one runs CentOS 7, and on a Linux-based OS the Terminal is what you work with the most.

So, I started to configure it.

  • Change the background color and cursor of Terminal

The default color of Terminal is white background and block cursor. But I prefer black background and underline cursor because white background is so dazzlingly bright.

So, open up the Terminal, choose from the menu: Edit > Profile Preferences:



  • Change Bash PS1 colors for easy navigating and observing and show git branch information

Bash allows us to customize the color and appearance of the Terminal prompt; below is my own style. For more information on customizing your own, refer to this link.

I also work quite a lot with Git, so I need branch information visible in the Terminal.

# get current branch in git repo
function parse_git_branch() {
  BRANCH=`git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/\1/'`
  if [ ! "${BRANCH}" == "" ]
  then
    STAT=`parse_git_dirty`
    echo "[${BRANCH}${STAT}]"
  else
    echo ""
  fi
}

# get current status of git repo
function parse_git_dirty {
  status=`git status 2>&1 | tee`
  dirty=`echo -n "${status}" 2> /dev/null | grep "modified:" &> /dev/null; echo "$?"`
  untracked=`echo -n "${status}" 2> /dev/null | grep "Untracked files" &> /dev/null; echo "$?"`
  ahead=`echo -n "${status}" 2> /dev/null | grep "Your branch is ahead of" &> /dev/null; echo "$?"`
  newfile=`echo -n "${status}" 2> /dev/null | grep "new file:" &> /dev/null; echo "$?"`
  renamed=`echo -n "${status}" 2> /dev/null | grep "renamed:" &> /dev/null; echo "$?"`
  deleted=`echo -n "${status}" 2> /dev/null | grep "deleted:" &> /dev/null; echo "$?"`
  # one marker character per detected state (markers chosen here; use any you like)
  bits=''
  if [ "${renamed}" == "0" ]; then
    bits=">${bits}"
  fi
  if [ "${ahead}" == "0" ]; then
    bits="*${bits}"
  fi
  if [ "${newfile}" == "0" ]; then
    bits="+${bits}"
  fi
  if [ "${untracked}" == "0" ]; then
    bits="?${bits}"
  fi
  if [ "${deleted}" == "0" ]; then
    bits="x${bits}"
  fi
  if [ "${dirty}" == "0" ]; then
    bits="!${bits}"
  fi
  if [ ! "${bits}" == "" ]; then
    echo " ${bits}"
  else
    echo ""
  fi
}

export PS1="\[\e[31;40m\]\u\[\e[m\]@\[\e[33;40m\]\H\[\e[m\]:\[\e[36;40m\]\w\[\e[m\]\[\e[32m\]\`parse_git_branch\`\[\e[m\]\n"

Add the above to your .bashrc file (sudo gedit ~/.bashrc and paste the script at the end of the file). The result:


P/s: don’t forget to run source ~/.bashrc to make it take effect.

  • Setup git autocompletion

It helps us work faster and more accurately with git commands. To make it happen, I use a guide from here:

Get the autocompletion script:

curl -o ~/.git-completion.bash

Add the below script to the end of the ~/.bashrc file (sudo gedit ~/.bashrc):

test -f ~/.git-completion.bash && . $_

Fire up changes:

source ~/.bashrc

Now the Terminal is ready to be worked on. Yay.

How to auto compile sass/scss files in Eclipse

First of all, sass/scss compilation needs Ruby to work with.

So, ok, we will install it.

But we need to use the system-wide Ruby, because I tried with rvm and ran into this problem:

/usr/bin/env: ruby_executable_hooks: No such file or directory

So if you use rvm, switch it back to:

rvm use system

Now go to:

Then to make sure that Ruby is successfully installed:

ruby -v

It should have some information like:

[ducfilan@localhost]$ ruby -v
 ruby 2.1.8p440 (2015-12-16 revision 53160) [x86_64-linux]

Now come to sass:

gem install sass
# su in case of permission errors

Once again to make sure:

sass -v

Some information like this means we’ve successfully installed it:

[ducfilan@localhost]$ sass -v
Sass 3.4.23 (Selective Steve)

Ok, preparation is done. Open your project in Eclipse.

Right click on it > Properties > Builder > New > Choose ‘Program’ then Ok.


We need to fill out some fields:

  1. Location
    • Get the location of sass using:
      • which sass
  2. Working Directory
    • Relative path to your folder, with ${workspace_loc:/…} as root. Use Browse workspace to make it ez.
  3. Arguments
    • --update ${workspace_loc:/QTEC-Web/public/sass}:${workspace_loc:/QTEC-Web/public/css} --sourcemap=none --style compressed
    • With:
      • --update: Means compiling when your sass file is changed.
      • ${workspace_loc:/QTEC-Web/public/sass}: Your sass folder
      • ${workspace_loc:/QTEC-Web/public/css}: Your output folder
      • --sourcemap=none: No generating .map file
      • --style compressed: Output style

For example in my case:


After that, don’t close the configuration screen.

Switch to the Build Options tab and check only the following options; uncheck all others if they are pre-checked.

  1. Allocate Console
  2. During auto builds

Now you’re done, edit an .scss file and you will see the message of writing .css file in the output screen. If not, you’re doing it wrong.

How to connect to localhost using Postgres Admin (pgadmin) in CentOS

First of all, a recap of how to install Postgres and pgAdmin3 on CentOS (CentOS 6.8, Postgres 9.5 in my case):


[ducfilan@localhost]# su

[root@localhost]# wget

[root@localhost]# rpm -ivh pgdg-centos95-9.5-3.noarch.rpm

[root@localhost]# yum install postgresql95-server postgresql95-devel postgresql95-contrib

[root@localhost]# service postgresql-9.5 initdb

[root@localhost]# service postgresql-9.5 start

[root@localhost]# chkconfig postgresql-9.5 on

And pgAdmin:

yum install pgadmin3_95

To start Postgres Admin:

[root@localhost]# pgadmin3

When you add a server to connect to the localhost database, this error message appears:

Ident authentication failed
The server doesn't accept the current user: The server reports 

FATAL: Ident authentication failed for user "pgadmin" 
If this message appears, the pg_hba.conf entry found for your 
client / user / database combination is set to "ident" authentication.  
Some distributions, e.g. Debian, have this by default. To perform ident  
based authentication successfully, you need additional setup; see the  
PostgreSQL help for this. For a beginner, it might be more appropriate  
to use a different authentication method; MD5 encrypted passwords are  
a good choice, which can be configured by an entry in pg_hba.conf like  

host all all md5 

This example grants MD5 encrypted password access to all databases to  
all users on the private network 
You can use the pg_hba.conf editor that is built into pgAdmin III to  
edit the pg_hba.conf configuration file. After changing pg_hba.conf,  
you need to trigger a server configuration reload using pg_ctl or by  
stopping and restarting the server process. 

Look at the message: it means that ident authentication is not usable here.
We have to edit the pg_hba.conf file. After some research, I found the location of the pg_hba.conf file; open it up:

[root@localhost]# nano /var/lib/pgsql/9.5/data/pg_hba.conf

You will find some ident entries here; change them to md5 (username and password authentication).
Don’t forget to restart the postgres service:

[root@localhost]# service postgresql-9.5 restart

Try again, the sky will be brighter.