Hi, looks like I didn't notice that SSH seems to be really commercial now. Is this right? Do I need to pay for it if I am still using it? Is OpenSSH a full-featured substitute for SSH? Are there major problems in configuration to expect if I try to deinstall SSH and go for OpenSSH? Marko
Hi,
looks like I didn't notice that SSH seems to be really commercial now. Is this right? Do I need to pay for it if I am still using it?
There are some exceptions however these are not in the actual license as far as I know, they are PR releases on the ssh.com website. I wouldn't completely trust it. In any event future usage is in question (remember, ssh used to be "free", Tatu sure has changed).
Is OpenSSH a full-featured substitute for SSH? Are there major problems in configuration to expect if I try to deinstall SSH and go for OpenSSH?
Yes, actually many (myself included) would say that OpenSSH is better then SSH. OpenSSH for example has incorporated various security fixes in the older protocols that Commercial SSH has not, the reason for this is SSH communications wants to kill off the old protocols to sell more software. Something else to note: OpenSSH has grabbed a huge amount of market share and is growing. I know many many people using OpenSSH. Most SSH related articles I have read (and written =) use OpenSSH as the example and typically only mention commercial ssh as a footnote. I do not actually know of any company/etc using commercial ssh (if you are I'd like to know so I can claim I know at least one =).
Marko
-Kurt
Hi Kurt,
There are some exceptions however these are not in the actual license as far I see, so I should better dump SSH...
Is OpenSSH a full-featured substitute for SSH? Are there major problems in
Yes, actually many (myself included) would say that OpenSSH is better then SSH. OpenSSH for example has incorporated various security fixes in the older protocols that Commercial SSH has not, the reason for this is SSH communications wants to kill off the old protocols to sell more software. Good to know that. That's enough arguments for me to change.
company/etc using commercial ssh (if you are I'd like to know so I can claim I know at least one =) No, of course not. I was only concerning to change to OpenSSH just because I wanted to use a non-commercial software!
configuration to expect if I try to deinstall SSH and go for OpenSSH? Well, I hope you missed answering this question because it easy to use... ;)
Thanks a lot! Marko
On Wed, May 02, 2001 at 03:47:56AM -0600, Kurt Seifried wrote:
Something else to note: OpenSSH has grabbed a huge amount of market share and is growing. I know many many people using OpenSSH. Most SSH related articles I have read (and written =) use OpenSSH as the example and typically only mention commercial ssh as a footnote. I do not actually know of any company/etc using commercial ssh (if you are I'd like to know so I can claim I know at least one =).
For our Windows users (those not capable of dealing with "command line scp") I tend to install ssh.com's package. a) I am speaking about a german university. Therefore we do have a license via the DFN (Deutsches Forschungsnetz, the provider of the german universities). We therefore have it for free. b) Provided a) holds, they do offer a graphical file transfer tool for which no freeware replacement is available (yet). (This applies to Windows clients, only) c) Our universities computer center used ssh.com for the servers. They intended to switch to openssh, but whether they changed ... (telnet to port 22, check banner) ... no, they did not change yet. Still running ssh.com. So, as you can see, there are still poor people out there. For everybody else, I support Kurt's statement. I just finished upgrading all of my (HP-UX) boxes to OpenSSH 2.9p1. Released yesterday; supports "hostbased" authentication for protocol 2; protocol 2 is now the default. Really seems to be worth upgrading. Best regards, Lutz PS. No, I won't go again into the debate whether an upgrade to the latest version of OpenSSH should be provided by SuSE via the _update path or not (security fix <-> feature upgrade discussion). -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
On 02-May-01 Kurt Seifried wrote:
Hi,
looks like I didn't notice that SSH seems to be really commercial now. Is this right? Do I need to pay for it if I am still using it?
There are some exceptions however these are not in the actual license as far as I know, they are PR releases on the ssh.com website. I wouldn't completely trust it. In any event future usage is in question (remember, ssh used to be "free", Tatu sure has changed).
ssh by ssh.com/ssh.fi stems from the original authors of the (formerly free) software and provides ssh servers and clients for various OSs. Both the client and the server are free for personal/educational (non-commercial) use but have to be licensed in commercial environments.
Is OpenSSH a full-featured substitute for SSH? Are there major problems in configuration to expect if I try to deinstall SSH and go for OpenSSH?
Yes, actually many (myself included) would say that OpenSSH is better then SSH. OpenSSH for example has incorporated various security fixes in the older protocols that Commercial SSH has not, the reason for this is SSH communications wants to kill off the old protocols to sell more software.
To clarify this statement: There have been some security holes in SSH version 1, which should not be used anymore. AFAIK there are no real problems with version 2, neither in openssh nor in (commercial) ssh, apart from the usual man-in-the-middle thingy (dsniff et al.). I�m by far no strong supporter of either closed source or monopolistic attitudes, but I really don�t think that ssh Finland tries to "kill" anything; even the latest ssh version for both client and server includes backwards compatibility to ssh version 1 (if that is what you want to say concerning the "old protocols").
Something else to note: OpenSSH has grabbed a huge amount of market share and is growing. I know many many people using OpenSSH. Most SSH related articles I have read (and written =) use OpenSSH as the example and typically only mention commercial ssh as a footnote. I do not actually know of any company/etc using commercial ssh (if you are I'd like to know so I can claim I know at least one =).
You asked for it... Okay, we�re actually using the commercial version of ssh both for our servers and for our clients, for some reasons: 1.) I implemented ssh (version 1) years ago, updated to version 2 as soon as it was released, and don�t want to change now because of a serious backing of all of the ssh toolkit from our company and customers 2.) I am not convinced that openssh really is any better than ssh given the security leakages/problems discussed recently 3.) (Commercial-)ssh�s frontends for Win are much more useable than anything I�ve found in the open source/freeware community 4.) In the latest ssh server they�ve incorporated goodies like PAM authentication, Kerberos and more (don�t know wether openssh provides this though). However, commercial ssh licenses from ssh Finland are quite expensive, so openssh would be the way to go for a polished TCO... All of this should not damage openssh in any way. It is a good tool for secure authentication and can be happily recommended.
Marko
-Kurt
---
Boris Lorenz
On 02-May-01 Kurt Seifried wrote:
1.) I implemented ssh (version 1) years ago, updated to version 2 as soon as it was released, and don´t want to change now because of a serious backing of all of the ssh toolkit from our company and customers
2.) I am not convinced that openssh really is any better than ssh given
--> SNIP the
security leakages/problems discussed recently
Agreed. Both have had their small problems. Both are also solid replacements for things like telnet etc, and I have seen nothing to convince me openssh is in any way superior to commercial ssh (with the exception of the license maybe).
3.) (Commercial-)ssh´s frontends for Win are much more useable than anything I´ve found in the open source/freeware community
Especially the sftp client (nice windows-like gui) is extremely useful when dealing with users who don't know a protocol from a postcard.
4.) In the latest ssh server they´ve incorporated goodies like PAM authentication, Kerberos and more (don´t know wether openssh provides this though).
However, commercial ssh licenses from ssh Finland are quite expensive, so openssh would be the way to go for a polished TCO...
Since we are an educational institute as well, luckily I don't have to worry about that. As an addition: I looked at openssh a while back (2.3 version I think), but then it seemed to have some trouble with the PAM/shadow/MD5 combination. I couldn't get it to work with MD5 passwords. I didn't have time to check it out then, so it may just have been a configuration issue, but ssh compiled and ran with the same configuration without any problem whatsoever. In general compiling openssh seems to cost (albeit just a little) more time than the commercial version (I remember having to get zlib and openssl and compiling them first on a new HP-UX system). While I agree with Kurt et all that the license thingy is not too good, I think that the *Nix version of both is at least equivalent, and the accompanying windows tools for commercial ssh (which now should work with openssh as well though, finally) made it an easy choice for us. hth Stefan
This is timely. Remember that this problem was fixed in OpenSSH quite some time ago (i.e. when they discovered it... howcome ssh.com didn't figure this out? Add to this ssh.com's product not supporting more then 64 connections on the windows server product and a lot of other problems like this, it makes me wonder). url: http://www.unixreview.com/articles/2001/0104/0104i/0104i.htm Passive Analysis of SSH Traffic April 2001 by Joe "Zonker" Brockmeier It's widely known that applications like telnet, rsh, and rlogin are vulnerable to attacks that can monitor or "sniff" network traffic and obtain login passwords or other data sent over unencrypted connections. Protocols like SSH have been assumed to be safe even if an attack does monitor network traffic, because the transmitted data is encrypted. Unfortunately, this is no longer the case, according to an advisory that was sent out by the Openwall Project and that discusses weaknesses in the SSH-1 and SSH-2 protocols. Although attackers may not be able to "read" transmitted data sent in a Secure Shell session, it's possible that they could guess the length of passwords and shell commands. The captured data could be used to try brute-force attacks on passwords. It should be noted, however, that it is still preferable to utilize encrypted protocols. The Problems SSH implementations using the SSH-1 protocol can expose the exact length of passwords, which can then be fed to password-cracking programs. Knowing the length of the password makes it easier for cracking programs to guess the password, but does not guarantee that they will be able to decipher it. The SSH-2 protocol discloses less information, but it is still possible to get a general range of password lengths. Openwall also reports that it is possible for an attacker to determine the length of shell commands or the actual commands entered during an interactive SSH session. It is also possible to determine whether Rivest-Shamir-Adleman (RSA) or Digital Signal Algorithm (DSA) authentication is being used. Solutions Some of the popular SSH implementations have fixes that address some of the possible traffic analysis attacks described by Openwall. OpenSSH 2.5.2 contains fixes for this vulnerability. If you are using OpenSSH, or would like to replace your current SSH implementation of SSH, you can obtain the most recent version from the OpenSSH Web site (http://www.openssh.com/). PuTTY, a free implementation of SSH for Windows, is expected to contain a fix for this vulnerability with the 0.52 release. The latest version as of this writing is 0.51, which is a beta release. Openwall has also provided a patch for SSH version 1.2.x, which can be found in their advisory here (http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt). SSH Communications Security, which produces the most popular commercial version of SSH, has not made any announcements regarding this vulnerability. Summary Although this vulnerability is a problem to be addressed, SSH is still the best available security for remote connections. Exploitation of this vulnerability requires the ability to monitor the traffic between an SSH server and client. Even when an attacker is able to sniff traffic, it is no guarantee that they'll actually be able to crack any of the encrypted data. If you'd like to test your SSH implementation yourself, Openwall has made available the source to a program called SSHOW. The program will also be rolled into the dsniff package. Any administrators or users who are using an SSH implementation should check with their vendor for updated versions that address this vulnerability. In general, it's also advisable to check for fixes or patches on a regular basis anyway. Resources Openwall Security Advisory (http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt) dsniff Homepage (http://www.monkey.org/~dugsong/dsniff/) The End of SSL and SSH? (http://www.securityportal.com/cover/coverstory200012 18.html) Users' Security Handbook (http://www.faqs.org/rfcs/fyi/fyi34.html) Secure Shell Working Group (http://www.ietf.org/html.charters/secsh-charter.html) OpenSSH (http://www.openssh.com/) PuTTY: A Free Win32 telnet/ssh client (http://www.chiark.greenend.org.uk/~sgtatham/putty/) Kurt
On 02-May-01 Kurt Seifried wrote:
This is timely. Remember that this problem was fixed in OpenSSH quite some time ago (i.e. when they discovered it... howcome ssh.com didn't figure this out? Add to this ssh.com's product not supporting more then 64 connections on the windows server product and a lot of other problems like this, it makes me wonder).
Yep, right. Recently I�ve addressed the problem to ssh.com. They haven�t answered yet, but talks we had earlier this year showed a possibility that the most urgent problems will be fixed in ssh 3. So they say.
url: http://www.unixreview.com/articles/2001/0104/0104i/0104i.htm
Passive Analysis of SSH Traffic April 2001
by Joe "Zonker" Brockmeier
It's widely known that applications like telnet, rsh, and rlogin are vulnerable to attacks that can monitor or "sniff" network traffic and obtain login passwords or other data sent over unencrypted connections. Protocols like SSH have been assumed to be safe even if an attack does monitor network traffic, because the transmitted data is encrypted.
Unfortunately, this is no longer the case, according to an advisory that was sent out by the Openwall Project and that discusses weaknesses in the SSH-1 and SSH-2 protocols. Although attackers may not be able to "read" transmitted data sent in a Secure Shell session, it's possible that they could guess the length of passwords and shell commands. The captured data could be used to try brute-force attacks on passwords. It should be noted, however, that it is still preferable to utilize encrypted protocols.
The Problems
SSH implementations using the SSH-1 protocol can expose the exact length of passwords, which can then be fed to password-cracking programs. Knowing the length of the password makes it easier for cracking programs to guess the password, but does not guarantee that they will be able to decipher it. The SSH-2 protocol discloses less information, but it is still possible to get a general range of password lengths. [...] Solutions
Some of the popular SSH implementations have fixes that address some of the possible traffic analysis attacks described by Openwall. OpenSSH 2.5.2 contains fixes for this vulnerability. If you are using OpenSSH, or would like to replace your current SSH implementation of SSH, you can obtain the most recent version from the OpenSSH Web site (http://www.openssh.com/).
PuTTY, a free implementation of SSH for Windows, is expected to contain a fix for this vulnerability with the 0.52 release. The latest version as of this writing is 0.51, which is a beta release.
Openwall has also provided a patch for SSH version 1.2.x, which can be found in their advisory here (http://www.openwall.com/advisories/OW-003-ssh-traffic-analysis.txt).
SSH Communications Security, which produces the most popular commercial version of SSH, has not made any announcements regarding this vulnerability. [...]
I did some research around sshow, compiled it, tested it, successfully. However, there are certain limitations to this kind of traffic analysis and an occasional pwd cracking attempt with its data, at least if we�re talking about ssh2. It�s not that trivial to get the right amount of information off of a busy network, and brute force attempts do create quite some noise in several logfiles, which should be noticed even by an not-so-skilled admin. L0pht Heavy Industrie�s antisniff (www.securitysoftwaretech.com/antisniff/index.html) may be even more valuable now as sshow and other analysis tools set network interfaces into promiscous mode. sshow, if seen as a proof-of-concept code, nicely shows both the danger and power of traffic analysis, a mostly underrated form of attack given the common stack smashing hysteria ;-))
Kurt
---
Boris Lorenz
Quoting Kurt Seifried (listuser@seifried.org) on Wed, May 02, 2001 at 11:47:56AM +0200:
Hi,
looks like I didn't notice that SSH seems to be really commercial now. Is this right? Do I need to pay for it if I am still using it?
There are some exceptions however these are not in the actual license as far as I know, they are PR releases on the ssh.com website. I wouldn't completely trust it. In any event future usage is in question (remember, ssh used to be "free", Tatu sure has changed).
Would you please finally read the license n 2.4.0? It is fully free on Linux and the free BSD systems, here a quote from the LICENSE file: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - In order to install and use the Software, You must obtain one of the following three types of licenses: (1) Non-Commercial Use License, (2) Evaluation for Commercial Use License, or (3) Commercial Use License. To qualify for a Non-Commercial Use License, You must: (1) use the Software solely on a system under the Linux, FreeBSD, NetBSD, or OpenBSD operating system (whether for commercial or non-commercial use), or 2) use the Software for non-commercial purposes as defined herein and be a Non-Commercial Entity as defined herein, or (3) be an Excluded Contractor as defined herein. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - I do prefer OpenSSH, but i am getting a bit annoyed at your costant slandering of the commercial SSH. There are many points to gripe about, especially their compatibility problems, but at least for the open OSes, it is at least FREE!
Is OpenSSH a full-featured substitute for SSH? Are there major problems in configuration to expect if I try to deinstall SSH and go for OpenSSH?
Yes, actually many (myself included) would say that OpenSSH is better then SSH. OpenSSH for example has incorporated various security fixes in the
I can only second that... Use OpenSSH by all means. cheers afx -- atsec information security GmbH Phone: +49-89-44249830 Steinstrasse 68 Fax: +49-89-44249831 D-81667 Muenchen, Germany WWW: www.atsec.com May the Source be with you!
On 03-May-01 Andreas Siegert wrote:
Quoting Kurt Seifried (listuser@seifried.org) on Wed, May 02, 2001 at 11:47:56AM +0200:
Hi,
looks like I didn't notice that SSH seems to be really commercial now. Is this right? Do I need to pay for it if I am still using it?
There are some exceptions however these are not in the actual license as far as I know, they are PR releases on the ssh.com website. I wouldn't completely trust it. In any event future usage is in question (remember, ssh used to be "free", Tatu sure has changed).
Would you please finally read the license n 2.4.0? It is fully free on Linux and the free BSD systems, here a quote from the LICENSE file:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - In order to install and use the Software, You must obtain one of the following three types of licenses: (1) Non-Commercial Use License, (2) Evaluation for Commercial Use License, or (3) Commercial Use License. To qualify for a Non-Commercial Use License, You must: (1) use the Software solely on a system under the Linux, FreeBSD, NetBSD, or OpenBSD operating system (whether for commercial or non-commercial use), or 2) use the Software for non-commercial purposes as defined herein and be a Non-Commercial Entity as defined herein, or (3) be an Excluded Contractor as defined herein. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
I do prefer OpenSSH, but i am getting a bit annoyed at your costant slandering of the commercial SSH. There are many points to gripe about, especially their compatibility problems, but at least for the open OSes, it is at least FREE!
You�re right. But in order to supply our customers with ssh/sftp clients for
Win I actually have to pay for the *Windows clients* from ssh.com, simply
because we want to equip our customers with useable and stable client software.
Like mentioned before, there are no Win clients available which could be seen
as serious replacements for the commercial client version from ssh.com (stuff
like Winscp, Putty and so forth - they�re good, but not good enough to be given
to unskilled users). That�s what the raving about commercial versions was/is all
about, not about the server installation (which still is completely free).
Just my 0.02c.
[...]
---
Boris Lorenz
Hello, with a formerly version 4.x marc has change the startup of the SuseFirewall script. I'm a bit confused about the documentation in SuSEfirewall-technical: ... The rc script is called /sbin/init.d/firewall, and is called twice .... There is'nt a script firewall after package install. Another mysterious thing is the line ln -s /etc/rc.d/firewall /sbin/rcfirewall in the INSTALL script. This link shows to nothing. Frank Mit freundlichen Grüßen, Frank Stühmer WS Medienservice Chemnitz GmbH f.stuehmer@msc-gmbh.de * http://www.msc-gmbh.de
On Thu, May 03, 2001 at 18:09 +0200, Frank Stuehmer wrote:
... The rc script is called /sbin/init.d/firewall, and is called twice ....
There must be a reason. Have a look at what's between these invocations. I guess it's something changing the network setup which influences the packet filter, triggering it again will make it obey the new setup. ISDN, DHCP, ppp, et al come to mind. 'ls /sbin/init.d/rc3.d/S*' should give a clue.
There is'nt a script firewall after package install.
What is the output of 'rpm -ql -p $RPMFILE'? And what is the output of 'rpm -ql $PACKAGE' after installation? Show what made you think that something's missing!
Another mysterious thing is the line ln -s /etc/rc.d/firewall /sbin/rcfirewall in the INSTALL script. This link shows to nothing.
Have you considered looking at 'file /etc/rc.d /sbin/init.d'? :) You don't mention the distro you are using. Maybe that's where the irritation comes from? virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.
From: "Gerhard Sittig"
... The rc script is called /sbin/init.d/firewall, and is called twice ....
There must be a reason. Have a look at what's between these invocations. I guess it's something changing the network setup which influences the packet filter, triggering it again will make it obey the new setup. ISDN, DHCP, ppp, et al come to mind. 'ls /sbin/init.d/rc3.d/S*' should give a clue.
yes, this is right, the splitting into three parts makes sense because the different status in runlevel, at first S01SuSEfirewall_init, then S07SuSEfirewall_setup and at least S99SuSEfirewall_final.
There is'nt a script firewall after package install.
What is the output of 'rpm -ql -p $RPMFILE'? And what is the output of 'rpm -ql $PACKAGE' after installation? Show what made you think that something's missing!
Another mysterious thing is the line ln -s /etc/rc.d/firewall /sbin/rcfirewall in the INSTALL script. This link shows to nothing.
Have you considered looking at 'file /etc/rc.d /sbin/init.d'? :)
You don't mention the distro you are using. Maybe that's where the irritation comes from?
There are two ways I see for installing SuSEfirewall, first the RPM from Suse distro (the last version I've found is 4.3), second the download from www.suse.de/~marc/ as tarball (recent version 4.6) with a script INSTALL. My irritation comes from the SuSEfirewall-technical.txt and the INSTALL script in the tarball. Line 42 in INSTALL makes the link shown below. I've take a further look at /sbin, there is also a link from /sbin/rcSuSEfirewall to /etc/rc.d/SuSEfirewall_final. So I think the correction of the SuSEfirewall-technical.txt was forgotten during the modification of the startup sequence. This link was'nt made from INSTALL probably from SuSEfirewall.rpm. O.k., however no longer confusion. The question now is how to stop/start/restart SuSEfirewall after modification the firewall.rc.config without rebooting ? I would do /etc/rc.d/SuSEfirewall_setup stop /etc/rc.d/SuSEfirewall_setup start /etc/rc.d/SuSEfirewall_final start is this right? Or is /etc/rc.d/SuSEfirewall_setup restart enough? In technical.txt is written thats right for modification on the fly, i.e. after ppp activation. I thought there is a one step restart, but I'm not sure how I should do it. Thank you for assistance, Frank
Would you please finally read the license n 2.4.0? It is fully free on Linux and the free BSD systems, here a quote from the LICENSE file:
I do prefer OpenSSH, but i am getting a bit annoyed at your costant slandering of the commercial SSH. There are many points to gripe about, especially
Generally speaking I do not download the licence of EVERY single software product and read it whenever a new version comes out. their
compatibility problems, but at least for the open OSes, it is at least FREE!
No it isn't "free". There are limited conditions (non-commercial) where you can use it without paying. This is quite a far cry from "free". Hi, my software can be used without a license on Tuesdays. Is that free? As for "slandering" SSH this is the company that: refuses to fix various bugs in older protocols such as ssh1, did the whole trademark enforcement thing against openssh and secssh after 6 years of non-enforcement (and lost), put out protocol two without really releasing specs/etc, forcing OpenSSH people to basically reverse engineer it, etc.
I can only second that... Use OpenSSH by all means.
Well at least we agree on the important parts =) BTW any of you going to linuxtag in stuttgart this summer? Or Hal2001?
cheers afx
-Kurt
At 06:55 AM 4/05/2001, you wrote:
BTW any of you going to linuxtag in stuttgart this summer? Or Hal2001?
I am thinking about it. It is a little expensive to get there from .AU but I am going to try. Speaking of which. [OFF TOPIC MODE] I am currently looking for a Security/Linux/Unix job somewhere in Europe. The country doesn't particularly worry me too much, but I am mostly looking at France/Germany/Norway currently, but other countries are not out of the question. More info about me at http://www.peternixon.net/ Please mail me off list if anyone has any suggestions :-) [/OFF TOPIC MODE] Cheers --- Nix - nix@susesecurity.com http://www.susesecurity.com
On 2001.05.02 11:18:17 +0200 Marko Kaening wrote:
Hi,
looks like I didn't notice that SSH seems to be really commercial now. Is this right? Do I need to pay for it if I am still using it?
Is OpenSSH a full-featured substitute for SSH? Are there major problems in configuration to expect if I try to deinstall SSH and go for OpenSSH?
As far as I know, you don't have to pay for openssh, but you have to pay for the 3des encryption. You can also use blowfish in openssh which will cost you no fees. Jörg -- www.lug-untermain.de - Dipl.-Ing. Jörg Schütter joerg.schuetter@gmx.de
participants (10)
-
Andreas Siegert -
Boris Lorenz -
Frank Stuehmer -
Gerhard Sittig -
Jörg Schütter -
Kurt Seifried -
Lutz Jaenicke -
Marko Kaening -
Nix -
Stefan Suurmeijer