Well folks, I apologize for the site being slow. With the rapid rate at which I’ve been having to launch sites I ended up putting this one on a server whose main disk is something like 92% full, which is causing performance issues. Bear with me though, if the server company can’t fix it I’ll move the site to a new server with the same company, which means no downtime.
I wanted to write a quick post about two things - 1. Moneygram is going to slowly start the upgrade process from Gateway version 6.9.1 to version 6.11. We’re going to do this by running only in the dev environment, which we are completely rebuilding based off of the current production environment. Bryan Cooper, our favorite Axway Professional Services guy, will be onsite at Moneygram the week of the 20th, and I know the team is looking forward to that. Bryan has done the majority of our Gateway stuff, has been up a number of times for maintenance and architecture, and has helped tremendously with other projects! (Alright Bryan, you can give me the cash for endorsing me when you’re here.)
While we have quite a bit of trepidation about the upgrade, we’ve been assured that the Gateway upgrade from 6.9 to 6.11 is one of the easier upgrades. And since we’re using it with a host of other Synchrony products, we made sure that the XFB connector for Synchrony Integrator is the same on version 6.11 as 6.9.1, which is very important to us. Through the http://www.helpwithaxway.com site I was able to hook up with Gary Tennessen from Safeway who advised that the Gateway upgrade was pretty painless. He mentioned one issue related to the directory scanning feature that was resolved pretty quickly, so because of my ability to utilize communication with other Axway users via an online Axway community, Moneygram gets to upgrade their version of Gateway in a week, which is very exciting!
Since my day-to-day work is all on 6.9.1, and the most recent training I had was on 6.11, I’m pretty pumped about using some of the new functionality in Gateway 6.11. The most important is the ability to utilize dual XSRs, which we are doing now but have to do so manually when we fail over. The second is that using models we can just log in to remote sites and pull files without having to do any sort of directory parsing, which is what we do now, and it’s annoying. At any rate, we’ll be there in at least 1 environment, which we’re looking VERY forward to, and which I hope will facilitate the upgrade in our QA, External, and Production environments shortly after! Plus, having Bryan Cooper from PSO on site is always great for us, because for lots of little questions that don’t come up in training manuals, it’s so much easier to say “Coop, can you help us set up this model?” instead of having to phone support or open a ticket online!
The 2nd thing I wanted to write about tonight was the idea of Axway Community. As I mentioned yesterday, I did a lot of work to get what I think will be the final layout for the community site at http://www.helpwithaxway.com/dev that will replace this site (the blog will be a component of that site). I saw a comment on a post by Dave Bennett (Axway’s CTO) on the Connections Blog where somebody commented about their desire for a web 2.0 style user-driven site where Axway can communicate with its customers. That, coupled with all of the feedback and conversations from the conference, was already enough to motivate me to make these sites come together quickly, but today I got an e-mail that made me decide to get these things up FAST!!!
As folks who use the Synchrony Gateway product for SFTP know, only 2 SSH key formats are supported - DER and PEM. Unfortunately at MoneyGram I’ve encountered a number of trading partners who gave me a different key format who wanted to do key only authentication, and I couldn’t import them. I opened a support case (2 actually), and got shut down by Axway. A few weeks after the last one was closed and I registered my very distinct need, I got a notice today saying that a feature request was opened, and that it may be addressed in the long term. This isn’t good enough, and I need Axway to hear about it. This will be my first “Dear Axway” letter when I get that component/site launched (http://www.dearaxway.com).
The keys in question are standard, incredibly widely used OpenSSH keys that look like this -
ssh-dss [...] cduser@eiscqats04
Unfortunately Axway can’t support that. It has to be the PEM or DER format…which is ridiculous since the OpenSSH keys are very widely used, especially in the US. Now I did find a workaround: you can use Linux (OpenSSH specifically) to take a file that’s formatted like the one above, and run a simple command to convert it. Check out what it looks like -
ssh-keygen -e -f ./filename.pub > output.pub
(Here filename.pub is the original OpenSSH key, and output.pub is the key you’ll be able to import into Gateway.) See the resulting key below -
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted from OpenSSH by root@herodotus"
[...]
---- END SSH2 PUBLIC KEY ----
You’ll notice that the only thing that’s different is there is now a header and footer, there’s no e-mail address, and the lines are a bit shorter so there are more. One can then import that key into Gateway, and it works just fine because the fingerprint is still the same as it was initially. So when a trading partner sends you an OpenSSH key that looks like the first example, you can’t import it into Gateway without converting. Why can’t Gateway convert the key for us? Or better yet, why can’t it just import it!?!?
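To show why the fingerprint survives the conversion, here is an added example (not from the original post, and not Axway or OpenSSH code) that performs the same re-wrapping in Python and compares fingerprints before and after. The key blob is constructed filler rather than a usable key, and the function names and the comment `partner@example` are assumptions made for illustration.

```python
import base64
import hashlib
import struct
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def parse_openssh(line: str):
    """Split 'type base64 [comment]' and check the blob names the same type."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected: <type> <base64> [comment]")
    blob = base64.b64decode(parts[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("key type does not match the encoded blob")
    return parts[0], blob, parts[2] if len(parts) > 2 else ""

def to_rfc4716(line: str) -> str:
    """Same blob, re-wrapped at 70 columns between the SSH2 header and footer."""
    _, blob, comment = parse_openssh(line)
    b64 = base64.b64encode(blob).decode()
    out = [BEGIN] + ([f'Comment: "{comment}"'] if comment else [])
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(out + [END]) + "\n"

def blob_from_rfc4716(text: str) -> bytes:
    """Recover the blob, skipping 'Tag: value' headers and their continuations."""
    lines = text.strip().splitlines()
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 begin/end markers")
    body, in_header = [], False
    for ln in lines[1:-1]:
        if in_header or ":" in ln:
            in_header = ln.endswith("\\")  # a trailing backslash continues a header
        else:
            body.append(ln.strip())
    return base64.b64decode("".join(body), validate=True)

def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint in the form current OpenSSH prints."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

# Constructed, non-functional ssh-dss blob (filler bytes for p, q, g, y).
SAMPLE_BLOB = b"".join(ssh_string(f) for f in (
    b"ssh-dss", b"\x00" + b"\xa5" * 128, b"\x00" + b"\xb6" * 20, b"\x5a" * 128, b"\x3c" * 128))
SAMPLE_LINE = "ssh-dss " + base64.b64encode(SAMPLE_BLOB).decode() + " partner@example"
```

The fingerprint is a hash of the decoded blob only, so the header, footer, comment and line wrapping have no effect on it.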
As soon as I can get a layout and the functionality I want for Dear Axway, that question is going up, because I heard from other people at the conference (Mr. Rosen of Chase) who had the exact same problem, and have heard from other people who weren’t aware they could be converted who have had to go to their trading partners and say “We can’t support your key, can you give it to us in DER or PEM format?”, to which people generally don’t respond well. Especially when you’re their customer. Because I didn’t figure out the conversion in time, we had to actually set up a new trading partner on our legacy Tandem transmission platform instead of Axway because they mandated key only authentication.
So, users, if you have the need to import OpenSSH keys like we do, let us know so that we can show Axway! And Axway, if you read this, let us know what can be done about it.
Until tomorrow,
Tony



