The Great Renaming: hkexsh -> xs (Xperimental Shell)

Signed-off-by: Russ Magee <rmagee@gmail.com>
2019-10-29 20:34:09 -07:00 · 2019-10-29 20:34:09 -07:00 · b19687c80b
parent 423410bb40
commit b19687c80b
41 changed files with 1101 additions and 813 deletions
--- a/LICENSE.mit
+++ b/LICENSE.mit
@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2017 - 2018 Russell Magee (hkexsh/hkexshd/hkexnet/hkexpasswd)
+Copyright (c) 2017 - 2019 Russell Magee (xs/xsd/xsnet/xspasswd)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/46
+++ b/46
@ -5,13 +5,13 @@
 #endif
 GIT_COMMIT := $(shell git rev-list -1 HEAD)
-VERSION := 0.8.7-kcp
+VERSION := 0.8.8
 #ifeq ($(BUILDOPTS),)
 BUILDOPTS :=$(BUILDOPTS)" -ldflags \"-X main.version=$(VERSION) -X main.gitCommit=$(GIT_COMMIT)\""
 #endif
-SUBPKGS = logger spinsult hkexnet
+SUBPKGS = logger spinsult xsnet
-TOOLS = hkexpasswd hkexsh hkexshd
+TOOLS = xspasswd xs xsd
 SUBDIRS = $(LIBS) $(TOOLS)
 INSTPREFIX = /usr/local
@ -41,63 +41,63 @@ common:
 client: common
-	$(MAKE) BUILDOPTS=$(BUILDOPTS) -C hkexsh
+	$(MAKE) BUILDOPTS=$(BUILDOPTS) -C xs
 ifeq ($(MSYSTEM),)
 ifneq ($(GOOS),windows)
 server: common
-	$(MAKE) BUILDOPTS=$(BUILDOPTS) -C hkexshd
+	$(MAKE) BUILDOPTS=$(BUILDOPTS) -C xsd
 else
-	echo "Cross-build of hkexshd server for Windows not yet supported"
+	echo "Cross-build of xsd server for Windows not yet supported"
 endif
 else
 server: common
-	echo "hkexshd server not (yet) supported on Windows"
+	echo "xsd server not (yet) supported on Windows"
 endif
 passwd: common
-	$(MAKE) BUILDOPTS=$(BUILDOPTS) -C hkexpasswd
+	$(MAKE) BUILDOPTS=$(BUILDOPTS) -C xspasswd
 vis:
 	@which go-callvis >/dev/null 2>&1; \
 	stat=$$?; if [ $$stat -ne "0" ]; then \
 	  /bin/echo "go-callvis not found. Run go get github.com/Russtopia/go-callvis to install."; \
 	else \
-	  make -C hkexsh vis;\
+	  make -C xs vis;\
-	  make -C hkexshd vis;\
+	  make -C xsd vis;\
-	  make -C hkexpasswd vis; \
+	  make -C xspasswd vis; \
 	fi
 lint:
-	make -C hkexpasswd lint
+	make -C xspasswd lint
-	make -C hkexshd lint
+	make -C xsd lint
-	make -C hkexsh lint
+	make -C xs lint
 reinstall: uninstall install
 install:
-	cp hkexsh/hkexsh $(INSTPREFIX)/bin
+	cp xs/xs $(INSTPREFIX)/bin
 ifeq ($(MSYSTEM),)
 ifneq ($(GOOS),windows)
-	cp hkexshd/hkexshd hkexpasswd/hkexpasswd $(INSTPREFIX)/sbin
+	cp xsd/xsd xspasswd/xspasswd $(INSTPREFIX)/sbin
 else
-	mv $(INSTPREFIX)/bin/hkexsh $(INSTPREFIX)/bin/_hkexsh
+	mv $(INSTPREFIX)/bin/xs $(INSTPREFIX)/bin/_xs
-	cp hkexsh/mintty_wrapper.sh $(INSTPREFIX)/bin/hkexsh
+	cp xs/mintty_wrapper.sh $(INSTPREFIX)/bin/xs
-	echo "Cross-build of hkexshd server for Windows not yet supported"
+	echo "Cross-build of xsd server for Windows not yet supported"
 endif
 else
-	echo "Cross-build of hkexshd server for Windows not yet supported"
+	echo "Cross-build of xsd server for Windows not yet supported"
 endif
-	cd $(INSTPREFIX)/bin && ln -s hkexsh hkexcp && cd -
+	cd $(INSTPREFIX)/bin && ln -s xs xc && cd -
 uninstall:
-	rm -f $(INSTPREFIX)/bin/hkexsh $(INSTPREFIX)/bin/hkexcp $(INSTPREFIX)/bin/_hkexsh
+	rm -f $(INSTPREFIX)/bin/xs $(INSTPREFIX)/bin/xc $(INSTPREFIX)/bin/_xs
 ifeq ($(MSYSTEM),)
 ifneq ($(GOOS),windows)
-	rm -f $(INSTPREFIX)/sbin/hkexshd $(INSTPREFIX)/sbin/hkexpasswd
+	rm -f $(INSTPREFIX)/sbin/xsd $(INSTPREFIX)/sbin/xspasswd
 else
 endif
 else
--- a/README.md
+++ b/README.md
@ -1,19 +1,19 @@
-[![GoDoc](https://godoc.org/blitter.com/go/hkexsh?status.svg)](https://godoc.org/blitter.com/go/hkexsh)
+[![GoDoc](https://godoc.org/blitter.com/go/xs?status.svg)](https://godoc.org/blitter.com/go/xs)
-# HKExSh
+# XS
 --
-HKExSh (**H**erradura**K**yber**Ex** **Sh**ell) is a golang implementation of a simple
+XS (**X**perimental **S**hell) is a golang implementation of a simple remote shell client and
-remote shell client and server, similar in role to ssh, offering
+server, similar in role to ssh, offering encrypted interactive and non-interactive sessions,
-encrypted interactive and non-interactive sessions, file copying and tunnels with traffic obfuscation ('chaffing').
+file copying and tunnels with traffic obfuscation ('chaffing').
 ***
 **NOTE: Due to the experimental nature of the KEX/KEM algorithms used, and the novelty of the overall codebase, this package SHOULD BE CONSIDERED EXTREMELY EXPERIMENTAL and USED WITH CAUTION. It DEFINITELY SHOULD NOT be used for any sensitive applications. USE AT YOUR OWN RISK. NEITHER WARRANTY NOR CLAIM OF FITNESS FOR PURPOSE IS EXPRESSED OR IMPLIED.**
 ***
-The client and server programs (hkexsh and hkexshd) use a mostly drop-in
+The client and server programs (xs and xsd) use a mostly drop-in
 replacement for golang's standard golang/pkg/net facilities (net.Dial(), net.Listen(), net.Accept()
 and the net.Conn type), which automatically negotiate keying material for
 secure sockets using one of a selectable set of experimental key exchange (KEX) or
@ -42,10 +42,10 @@ Currently supported session algorithms:
 ### Conn
-Calls to hkexnet.Dial() and hkexnet.Listen()/Accept() are generally the same as calls to the equivalents within the _net_ package; however upon connection a key exchange automatically occurs whereby client and server independently derive the same keying material, and all following traffic is secured by a symmetric encryption algorithm.
+Calls to xsnet.Dial() and xsnet.Listen()/Accept() are generally the same as calls to the equivalents within the _net_ package; however upon connection a key exchange automatically occurs whereby client and server independently derive the same keying material, and all following traffic is secured by a symmetric encryption algorithm.
 ### Session Negotiation
-Above the hkexnet.Conn layer, the server and client apps in this repository (hkexshd/ and hkexsh/ respectively) negotiate session settings (cipher/hmac algorithms, interactive/non-interactive mode, tunnel specifiers, etc.) to be used for communication.
+Above the xsnet.Conn layer, the server and client apps in this repository (xsd/ and xs/ respectively) negotiate session settings (cipher/hmac algorithms, interactive/non-interactive mode, tunnel specifiers, etc.) to be used for communication.
 ### Padding and Chaffing
 Packets are subject to padding (random size, randomly applied as prefix or postfix), and optionally the client and server channels can both send _chaff_ packets at random defineable intervals to help thwart analysis of session activity (applicable to interactive and non-interactive command sessions, file copies and tunnels).
@ -54,7 +54,7 @@ Packets are subject to padding (random size, randomly applied as prefix or postf
 Chaffing and tunnels, if specified, are set up during initial client->server connection. Packets from the client local port(s) are sent through the main secured connection to the server's remote port(s), and vice versa, tagged with a chaff or tunnel specifier so that they can be discarded as chaff or de-multiplexed and delivered to the proper tunnel endpoints, respectively.
 ### Accounts and Passwords
-Within the hkexpasswd/ directory is a password-setting utility. HKExSh uses its own password file distinct from the system /etc/passwd to authenticate clients, using standard bcrypt+salt storage. This is currently done to allow alternate login credentials via hkexsh vs. console/ssh login, due to the experimental nature of the program. At some point in the future an option to use the system's /etc/passwd and /etc/shadow may be implemented, making the use of the auxilliary hkexpasswd utility optional or obsolete.
+Within the xspasswd/ directory is a password-setting utility. XS uses its own password file distinct from the system /etc/passwd to authenticate clients, using standard bcrypt+salt storage. This is currently done to allow alternate login credentials via xs vs. console/ssh login, due to the experimental nature of the program. At some point in the future an option to use the system's /etc/passwd and /etc/shadow may be implemented, making the use of the auxilliary xspasswd utility optional or obsolete.
 HERRADURA KEX
@ -85,8 +85,8 @@ As of this time (Oct 2018) Kyber is one of the candidate algorithms submitted to
 ### Get source code
 ```
-$ go get -u blitter.com/go/hkexsh
+$ go get -u blitter.com/go/xs
-$ cd $GOPATH/src/blitter.com/go/hkexsh
+$ cd $GOPATH/src/blitter.com/go/xs
 $ go build ./... # install all dependent go pkgs
 ```
@ -94,7 +94,7 @@ $ go build ./... # install all dependent go pkgs
 ### To build
 ```
-$ cd $GOPATH/src/blitter.com/go/hkexsh
+$ cd $GOPATH/src/blitter.com/go/xs
 $ make clean all
 ```
@ -106,24 +106,24 @@ $ sudo make [install | uninstall | reinstall]
 ### To manage service (assuming openrc init)
-An example init script (hkexshd.initrc) is provided. Consult your Linux distribution documentation for proper service/daemon installation. For openrc,
+An example init script (xsd.initrc) is provided. Consult your Linux distribution documentation for proper service/daemon installation. For openrc,
 ```
-$ sudo cp hkexshd.initrc /etc/init.d/hkexshd
+$ sudo cp xsd.initrc /etc/init.d/xsd
-$ sudo rc-config add hkexshd default
+$ sudo rc-config add xsd default
 ```
-The make system assumes installation in /usr/local/sbin (hkexshd, hkexpasswd) and /usr/local/bin (hkexsh/hkexcp symlink).
+The make system assumes installation in /usr/local/sbin (xsd, xspasswd) and /usr/local/bin (xs/xc symlink).
 ```
-$ sudo rc-config [start | restart | stop] hkexshd
+$ sudo rc-config [start | restart | stop] xsd
 ```
 ### To set accounts & passwords:
 ```
-$ sudo touch /etc/hkexsh.passwd
+$ sudo touch /etc/xs.passwd
-$ sudo hkexpasswd/hkexpasswd -u joebloggs
+$ sudo xspasswd/xspasswd -u joebloggs
 $ <enter a password, enter again to confirm>
 ```
@ -131,36 +131,36 @@ $ <enter a password, enter again to confirm>
 In separate shells A and B:
 ```
-[A]$ cd hkexshd && sudo ./hkexshd &  # add -d for debugging
+[A]$ cd xsd && sudo ./xsd &  # add -d for debugging
 ```
 Interactive shell
 ```
-[B]$ cd hkexsh && ./hkexsh joebloggs@host-or-ip # add -d for debugging
+[B]$ cd xs && ./xs joebloggs@host-or-ip # add -d for debugging
 ```
 One-shot command
 ```
-[B]$ cd hkexsh && ./hkexsh -x "ls /tmp" joebloggs@host-or-ip
+[B]$ cd xs && ./xs -x "ls /tmp" joebloggs@host-or-ip
 ```
 WARNING WARNING WARNING: the -d debug flag will echo passwords to the log/console!
 Logging on Linux usually goes to /var/log/syslog and/or /var/log/debug, /var/log/daemon.log.
-NOTE if running client (hkexsh) with -d, one will likely need to run 'reset' afterwards
+NOTE if running client (xs) with -d, one will likely need to run 'reset' afterwards
 to fix up the shell tty afterwards, as stty echo may not be restored if client crashes
 or is interrupted.
 ### Setting up an 'authtoken' for scripted (password-free) logins
-Use the -g option of hkexsh to request a token from the remote server, which will return a
+Use the -g option of xs to request a token from the remote server, which will return a
-hostname:token string. Place this string into $HOME/.hkexsh_id to allow logins without
+hostname:token string. Place this string into $HOME/.xs_id to allow logins without
-entering a password (obviously, $HOME/.hkexsh_id on both server and client for the user
+entering a password (obviously, $HOME/.xs_id on both server and client for the user
 should *not* be world-readable.)
-### File Copying using hkexcp
+### File Copying using xc
-hkexcp is a symlink to hkexsh, and the binary checks its own filename to determine whether
+xc is a symlink to xs, and the binary checks its own filename to determine whether
 it is being invoked in 'shell' or 'copy' mode. Refer to the '-h' output for differences in
 accepted options.
@ -171,15 +171,15 @@ as expected.
 Local (client) to remote (server) copy:
 ```
-$ hkexcp fileA /some/where/fileB /some/where/else/dirC joebloggs@host-or-ip:remoteDir
+$ xc fileA /some/where/fileB /some/where/else/dirC joebloggs@host-or-ip:remoteDir
 ```
 Remote (server) to local (client) copy:
 ```
-$ hkexcp joebloggs@host-or-ip:/remoteDirOrFile /some/where/local/Dir
+$ xc joebloggs@host-or-ip:/remoteDirOrFile /some/where/local/Dir
 ```
-hkexcp uses a 'tarpipe' to send file data over the encrypted channel. Use the -d flag on client or server to see the generated tar commands if you're curious.
+xc uses a 'tarpipe' to send file data over the encrypted channel. Use the -d flag on client or server to see the generated tar commands if you're curious.
 NOTE: Renaming while copying (eg., 'cp /foo/bar/fileA ./fileB') is NOT supported. Put another way, the destination (whether local or remote) must ALWAYS be a directory.
@ -187,12 +187,12 @@ NOTE: Renaming while copying (eg., 'cp /foo/bar/fileA ./fileB') is NOT supported
 Simple tunnels (client -> server, no reverse tunnels for now) are supported.
-Syntax: hkexsh -T=&lt;tunspec&gt;{,&lt;tunspec&gt;...}
+Syntax: xs -T=&lt;tunspec&gt;{,&lt;tunspec&gt;...}
 .. where &lt;tunspec&gt; is &lt;localport:remoteport&gt;
-Example, tunnelling ssh through hkexsh
+Example, tunnelling ssh through xs
 * [server side] ```$ sudo /usr/sbin/sshd -p 7002```
-* [client side, term A] ```$ hkexsh -T=6002:7002 user@server```
+* [client side, term A] ```$ xs -T=6002:7002 user@server```
 * [client side, term B] ```$ ssh user@localhost -p 6002```
--- a/hkexauth.go
+++ b/hkexauth.go
@ -1,8 +1,8 @@
-package hkexsh
+package xs
-// Package hkexsh - a secure terminal client/server written from scratch in Go
+// Package xs - a secure terminal client/server written from scratch in Go
 //
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
@ -30,7 +30,7 @@ func userExistsOnSystem(who string) bool {
 }
 // AuthUserByPasswd checks user login information using a password.
-// This checks /etc/hkexsh.passwd for auth info, and system /etc/passwd
+// This checks /etc/xs.passwd for auth info, and system /etc/passwd
 // to cross-check the user actually exists.
 // nolint: gocyclo
 func AuthUserByPasswd(username string, auth string, fname string) (valid bool, allowedCmds string) {
@ -85,7 +85,7 @@ func AuthUserByPasswd(username string, auth string, fname string) (valid bool, a
 }
 // AuthUserByToken checks user login information against an auth token.
-// Auth tokens are stored in each user's $HOME/.hkexsh_id and are requested
+// Auth tokens are stored in each user's $HOME/.xs_id and are requested
 // via the -g option.
 // The function also check system /etc/passwd to cross-check the user
 // actually exists.
@ -96,9 +96,9 @@ func AuthUserByToken(username string, connhostname string, auth string) (valid b
 		return false
 	}
-	b, e := ioutil.ReadFile(fmt.Sprintf("%s/.hkexsh_id", u.HomeDir))
+	b, e := ioutil.ReadFile(fmt.Sprintf("%s/.xs_id", u.HomeDir))
 	if e != nil {
-		log.Printf("INFO: Cannot read %s/.hkexsh_id\n", u.HomeDir)
+		log.Printf("INFO: Cannot read %s/.xs_id\n", u.HomeDir)
 		return false
 	}
--- a/consts.go
+++ b/consts.go
@ -1,10 +1,10 @@
-// Package hkexsh - a secure terminal client/server written from scratch in Go
+// Package xs - a secure terminal client/server written from scratch in Go
 //
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
-package hkexsh
+package xs
-// common constants for the HKExSh
+// common constants for the XS (Xperimental Shell)
--- a/go.mod
+++ b/go.mod
@ -1,4 +1,4 @@
-module blitter.com/go/hkexsh
+module blitter.com/go/xs
 go 1.12
--- a/grml.yaml
+++ b/grml.yaml
@ -1,5 +1,5 @@
 env:
-  project: hkexsh
+  project: xs
  version: 0.8.0
  buildDir: build/
  docDir: doc/
@ -38,7 +38,7 @@ commands:
  app:
    aliases: [ build ]
-    help: build the hkexsh tools
+    help: build the xs tools
    exec: |
      make clean
      make all
--- a/hkexpasswd/hkexpasswd-vis.gv
+++ b/hkexpasswd/hkexpasswd-vis.gv
@ -1,63 +0,0 @@
 digraph gocallvis {
    label="blitter.com/go/hkexsh/hkexpasswd";
    labeljust="l";
    fontname="Arial";
    fontsize="14";
    rankdir="LR";
    bgcolor="lightgray";
    style="solid";
    penwidth="0.5";
    pad="0.0";
    nodesep="0.35";
    node [shape="ellipse" style="filled" fillcolor="honeydew" fontname="Verdana" penwidth="1.0" margin="0.05,0.0"];
    edge [minlen="2"]
    subgraph "cluster_focus" {
        label="main";
 labelloc="t";
 labeljust="c";
 fontsize="18";
 bgcolor="#e6ecfa";
        "blitter.com/go/hkexsh/hkexpasswd.main" [ fillcolor="lightblue" label="main" penwidth="0.5" ]
        subgraph "cluster_blitter.com/go/hkexsh" {
        label="[hkexsh]";
 penwidth="0.8";
 style="filled";
 rank="sink";
 URL="/?f=blitter.com/go/hkexsh";
 tooltip="package: blitter.com/go/hkexsh";
 fontsize="16";
 fillcolor="lightyellow";
 fontname="bold";
        "blitter.com/go/hkexsh.ReadPassword" [ fillcolor="moccasin" label="ReadPassword" penwidth="1.5" ]
    }
        subgraph "cluster_github.com/jameskeane/bcrypt" {
        fontsize="16";
 rank="sink";
 label="[bcrypt]";
 URL="/?f=github.com/jameskeane/bcrypt";
 tooltip="package: github.com/jameskeane/bcrypt";
 penwidth="0.8";
 style="filled";
 fillcolor="lightyellow";
 fontname="bold";
        "github.com/jameskeane/bcrypt.Salt" [ fillcolor="moccasin" label="Salt" penwidth="1.5" ]
        "github.com/jameskeane/bcrypt.Hash" [ fillcolor="moccasin" label="Hash" penwidth="1.5" ]
        "github.com/jameskeane/bcrypt.Match" [ fillcolor="moccasin" label="Match" penwidth="1.5" ]
    }
    }
    "blitter.com/go/hkexsh/hkexpasswd.main" -> "blitter.com/go/hkexsh.ReadPassword" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexpasswd.main" -> "github.com/jameskeane/bcrypt.Salt" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexpasswd.main" -> "github.com/jameskeane/bcrypt.Hash" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexpasswd.main" -> "github.com/jameskeane/bcrypt.Match" [ color="saddlebrown" ]
 }
--- a/hkexsh/hkexcp
+++ b/hkexsh/hkexcp
@ -1 +0,0 @@
 hkexsh
--- a/hkexsh/hkexsh-vis-fixedup.png
+++ b/hkexsh/hkexsh-vis-fixedup.png
--- a/hkexsh/hkexsh-vis.gv
+++ b/hkexsh/hkexsh-vis.gv
@ -1,263 +0,0 @@
 digraph gocallvis {
    label="blitter.com/go/hkexsh/hkexsh";
    labeljust="l";
    fontname="Arial";
    fontsize="14";
    rankdir="LR";
    bgcolor="lightgray";
    style="solid";
    penwidth="0.5";
    pad="0.0";
    nodesep="0.35";
    node [shape="ellipse" style="filled" fillcolor="honeydew" fontname="Verdana" penwidth="1.0" margin="0.05,0.0"];
    edge [minlen="2"]
    subgraph "cluster_focus" {
        bgcolor="#e6ecfa";
 label="main";
 labelloc="t";
 labeljust="c";
 fontsize="18";
        "blitter.com/go/hkexsh/hkexsh.reqTunnel" [ penwidth="0.5" fillcolor="lightblue" label="reqTunnel" ]
        "blitter.com/go/hkexsh/hkexsh.doShellMode$1" [ fillcolor="lightblue" label="shellRemoteToStdin" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexsh.doShellMode$1$1" [ fillcolor="lightblue" label="doShellMode$1$1" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexsh.doShellMode" [ fillcolor="lightblue" label="doShellMode" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexsh.handleTermResizes$1" [ fillcolor="lightblue" label="handleTermResizes$1" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexsh.GetSize" [ label="GetSize" penwidth="1.5" fillcolor="lightblue" ]
        "blitter.com/go/hkexsh/hkexsh.handleTermResizes" [ penwidth="0.5" fillcolor="lightblue" label="handleTermResizes" ]
        "blitter.com/go/hkexsh/hkexsh.copyBuffer" [ fillcolor="lightblue" label="copyBuffer" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexsh.copyBuffer$1" [ fillcolor="lightblue" label="copyBuffer$1" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexsh.copyBuffer$2" [ fillcolor="lightblue" label="copyBuffer$2" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexsh.copyBuffer$3" [ style="dotted,filled" fillcolor="lightblue" label="copyBuffer$3" ]
        "blitter.com/go/hkexsh/hkexsh.Copy" [ fillcolor="lightblue" label="Copy" penwidth="1.5" ]
        "blitter.com/go/hkexsh/hkexsh.doShellMode$2$1" [ fillcolor="lightblue" label="doShellMode$2$1" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexsh.doShellMode$2" [ fillcolor="lightblue" label="shellStdinToRemote" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexsh.main$2" [ fillcolor="lightblue" label="deferCloseChaff" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexsh.sendSessionParams" [ fillcolor="lightblue" label="sendSessionParams" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexsh.main$1" [ label="deferRestore" style="dotted,filled" fillcolor="lightblue" ]
        "blitter.com/go/hkexsh/hkexsh.launchTuns" [ penwidth="0.5" fillcolor="lightblue" label="launchTuns" ]
        "blitter.com/go/hkexsh/hkexsh.rejectUserMsg" [ label="rejectUserMsg" penwidth="0.5" fillcolor="lightblue" ]
        "blitter.com/go/hkexsh/hkexsh.main" [ fillcolor="lightblue" label="main" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexsh.parseNonSwitchArgs" [ fillcolor="lightblue" label="parseNonSwitchArgs" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexsh.doCopyMode" [ fillcolor="lightblue" label="doCopyMode" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexsh.usageShell" [ fillcolor="lightblue" label="usageShell" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexsh.usageCp" [ fillcolor="lightblue" label="usageCp" penwidth="0.5" ]
        subgraph "cluster_blitter.com/go/hkexsh" {
        style="filled";
 fillcolor="lightyellow";
 rank="sink";
 label="[hkexsh]";
 tooltip="package: blitter.com/go/hkexsh";
 penwidth="0.8";
 fontsize="16";
 fontname="bold";
 URL="/?f=blitter.com/go/hkexsh";
        "blitter.com/go/hkexsh.Restore" [ fillcolor="moccasin" label="Restore" penwidth="1.5" ]
        "blitter.com/go/hkexsh.MakeRaw" [ fillcolor="moccasin" label="MakeRaw" penwidth="1.5" ]
        "blitter.com/go/hkexsh.ReadPassword" [ penwidth="1.5" fillcolor="moccasin" label="ReadPassword" ]
        "blitter.com/go/hkexsh.NewSession" [ label="NewSession" penwidth="1.5" fillcolor="moccasin" ]
        subgraph "cluster_*blitter.com/go/hkexsh.Session" {
        style="rounded,filled";
 fillcolor="wheat2";
 label="(*Session)";
 tooltip="type: *blitter.com/go/hkexsh.Session";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
        "(*blitter.com/go/hkexsh.Session).SetStatus" [ label="SetStatus" penwidth="1.5" fillcolor="moccasin" ]
    }
        subgraph "cluster_blitter.com/go/hkexsh.Session" {
        fillcolor="wheat2";
 label="(Session)";
 tooltip="type: blitter.com/go/hkexsh.Session";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
        "(blitter.com/go/hkexsh.Session).Status" [ label="Status" penwidth="1.5" fillcolor="moccasin" ]
        "(blitter.com/go/hkexsh.Session).Op" [ fillcolor="moccasin" label="Op" penwidth="1.5" ]
        "(blitter.com/go/hkexsh.Session).Who" [ fillcolor="moccasin" label="Who" penwidth="1.5" ]
        "(blitter.com/go/hkexsh.Session).ConnHost" [ fillcolor="moccasin" label="ConnHost" penwidth="1.5" ]
        "(blitter.com/go/hkexsh.Session).TermType" [ penwidth="1.5" fillcolor="moccasin" label="TermType" ]
        "(blitter.com/go/hkexsh.Session).Cmd" [ label="Cmd" penwidth="1.5" fillcolor="moccasin" ]
        "(blitter.com/go/hkexsh.Session).AuthCookie" [ fillcolor="moccasin" label="AuthCookie" penwidth="1.5" ]
    }
    }
        subgraph "cluster_blitter.com/go/hkexsh/hkexnet" {
        fontname="bold";
 label="[hkexnet]";
 URL="/?f=blitter.com/go/hkexsh/hkexnet";
 tooltip="package: blitter.com/go/hkexsh/hkexnet";
 fontsize="16";
 fillcolor="lightyellow";
 rank="sink";
 penwidth="0.8";
 style="filled";
        "blitter.com/go/hkexsh/hkexnet.Init" [ fillcolor="moccasin" label="Init" penwidth="1.5" ]
        "blitter.com/go/hkexsh/hkexnet.Dial" [ penwidth="1.5" fillcolor="moccasin" label="Dial" ]
        subgraph "cluster_*blitter.com/go/hkexsh/hkexnet.Conn" {
        penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*Conn)";
 tooltip="type: *blitter.com/go/hkexsh/hkexnet.Conn";
        "(*blitter.com/go/hkexsh/hkexnet.Conn).WritePacket" [ fillcolor="moccasin" label="WritePacket" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).Close" [ fillcolor="moccasin" label="Close" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).SetupChaff" [ fillcolor="moccasin" label="SetupChaff" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).EnableChaff" [ fillcolor="moccasin" label="EnableChaff" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).DisableChaff" [ fillcolor="moccasin" label="DisableChaff" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).ShutdownChaff" [ label="ShutdownChaff" penwidth="1.5" fillcolor="moccasin" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).SetStatus" [ penwidth="1.5" fillcolor="moccasin" label="SetStatus" ]
    }
        subgraph "cluster_blitter.com/go/hkexsh/hkexnet.Conn" {
        labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(Conn)";
 tooltip="type: blitter.com/go/hkexsh/hkexnet.Conn";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
        "(blitter.com/go/hkexsh/hkexnet.Conn).GetStatus" [ fillcolor="moccasin" label="GetStatus" penwidth="1.5" ]
        "(blitter.com/go/hkexsh/hkexnet.Conn).Write" [ fillcolor="moccasin" label="Write" penwidth="1.5" ]
        "(blitter.com/go/hkexsh/hkexnet.Conn).Read" [ fillcolor="moccasin" label="Read" penwidth="1.5" ]
    }
    }
        subgraph "cluster_blitter.com/go/hkexsh/logger" {
        fillcolor="lightyellow";
 fontname="bold";
 label="[logger]";
 tooltip="package: blitter.com/go/hkexsh/logger";
 penwidth="0.8";
 style="filled";
 rank="sink";
 URL="/?f=blitter.com/go/hkexsh/logger";
 fontsize="16";
        "blitter.com/go/hkexsh/logger.LogDebug" [ fillcolor="moccasin" label="LogDebug" penwidth="1.5" ]
        "blitter.com/go/hkexsh/logger.New" [ fillcolor="moccasin" label="New" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/hkexsh/spinsult" {
        penwidth="0.8";
 style="filled";
 rank="sink";
 tooltip="package: blitter.com/go/hkexsh/spinsult";
 fontsize="16";
 fillcolor="lightyellow";
 fontname="bold";
 label="[spinsult]";
 URL="/?f=blitter.com/go/hkexsh/spinsult";
        "blitter.com/go/hkexsh/spinsult.GetSentence" [ fillcolor="moccasin" label="GetSentence" penwidth="1.5" ]
    }
        subgraph "cluster_github.com/mattn/go-isatty" {
        tooltip="package: github.com/mattn/go-isatty";
 penwidth="0.8";
 fillcolor="lightyellow";
 rank="sink";
 label="[isatty]";
 URL="/?f=github.com/mattn/go-isatty";
 fontsize="16";
 style="filled";
 fontname="bold";
        "github.com/mattn/go-isatty.IsTerminal" [ fillcolor="moccasin" label="IsTerminal" penwidth="1.5" ]
    }
    }
    "blitter.com/go/hkexsh/hkexsh.reqTunnel" -> "blitter.com/go/hkexsh/logger.LogDebug" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.reqTunnel" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode$1" -> "blitter.com/go/hkexsh/hkexsh.doShellMode$1$1" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode$1" -> "blitter.com/go/hkexsh.Restore" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode$1" -> "(blitter.com/go/hkexsh/hkexnet.Conn).GetStatus" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode$1" -> "(*blitter.com/go/hkexsh.Session).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode$1" -> "(blitter.com/go/hkexsh.Session).Status" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode" -> "blitter.com/go/hkexsh/hkexsh.doShellMode$1" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/hkexsh/hkexsh.handleTermResizes$1" -> "blitter.com/go/hkexsh/hkexsh.GetSize" [  ]
    "blitter.com/go/hkexsh/hkexsh.handleTermResizes$1" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.handleTermResizes" -> "blitter.com/go/hkexsh/hkexsh.handleTermResizes$1" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode" -> "blitter.com/go/hkexsh/hkexsh.handleTermResizes" [  ]
    "blitter.com/go/hkexsh/hkexsh.copyBuffer" -> "(blitter.com/go/hkexsh/hkexnet.Conn).Write" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.copyBuffer" -> "blitter.com/go/hkexsh/hkexsh.copyBuffer$1" [ style="dashed" ]
    "blitter.com/go/hkexsh/hkexsh.copyBuffer" -> "blitter.com/go/hkexsh/hkexsh.copyBuffer$2" [ style="dashed" ]
    "blitter.com/go/hkexsh/hkexsh.copyBuffer" -> "blitter.com/go/hkexsh/hkexsh.copyBuffer$3" [ style="dashed" ]
    "blitter.com/go/hkexsh/hkexsh.Copy" -> "blitter.com/go/hkexsh/hkexsh.copyBuffer" [  ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode$2$1" -> "blitter.com/go/hkexsh/hkexsh.Copy" [  ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode$2" -> "blitter.com/go/hkexsh/hkexsh.doShellMode$2$1" [  ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode$2" -> "blitter.com/go/hkexsh.Restore" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doShellMode" -> "blitter.com/go/hkexsh/hkexsh.doShellMode$2" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/hkexsh/hkexsh.main$2" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.sendSessionParams" -> "(blitter.com/go/hkexsh.Session).Op" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.sendSessionParams" -> "(blitter.com/go/hkexsh.Session).Who" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.sendSessionParams" -> "(blitter.com/go/hkexsh.Session).ConnHost" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.sendSessionParams" -> "(blitter.com/go/hkexsh.Session).TermType" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.sendSessionParams" -> "(blitter.com/go/hkexsh.Session).Cmd" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.sendSessionParams" -> "(blitter.com/go/hkexsh.Session).AuthCookie" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.sendSessionParams" -> "(blitter.com/go/hkexsh/hkexnet.Conn).Write" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main$1" -> "blitter.com/go/hkexsh.Restore" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.launchTuns" -> "blitter.com/go/hkexsh/hkexsh.reqTunnel" [  ]
    "blitter.com/go/hkexsh/hkexsh.rejectUserMsg" -> "blitter.com/go/hkexsh/spinsult.GetSentence" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.parseNonSwitchArgs" [  ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/logger.New" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexnet.Init" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexnet.Dial" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).Close" [ color="saddlebrown" arrowhead="normalnoneodiamond" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "github.com/mattn/go-isatty.IsTerminal" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh.MakeRaw" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.main$1" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh.ReadPassword" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh.NewSession" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.sendSessionParams" [  ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "(blitter.com/go/hkexsh/hkexnet.Conn).Read" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "(*blitter.com/go/hkexsh.Session).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.rejectUserMsg" [  ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).SetupChaff" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).EnableChaff" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).DisableChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).ShutdownChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.main$2" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.launchTuns" [  ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.doShellMode" [  ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "(blitter.com/go/hkexsh.Session).Status" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doCopyMode" -> "(blitter.com/go/hkexsh.Session).Cmd" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doCopyMode" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doCopyMode" -> "(blitter.com/go/hkexsh/hkexnet.Conn).Read" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doCopyMode" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.doCopyMode" -> "(blitter.com/go/hkexsh/hkexnet.Conn).GetStatus" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.doCopyMode" [  ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh.Restore" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.usageShell" [ style="dashed" ]
    "blitter.com/go/hkexsh/hkexsh.main" -> "blitter.com/go/hkexsh/hkexsh.usageCp" [ style="dashed" ]
 }
--- a/hkexsh/hkexsh_seq.png
+++ b/hkexsh/hkexsh_seq.png
--- a/hkexshd/hkexshd-vis-fixedup.png
+++ b/hkexshd/hkexshd-vis-fixedup.png
--- a/hkexshd/hkexshd-vis.gv
+++ b/hkexshd/hkexshd-vis.gv
@ -1,281 +0,0 @@
 digraph gocallvis {
    label="blitter.com/go/hkexsh/hkexshd";
    labeljust="l";
    fontname="Arial";
    fontsize="14";
    rankdir="LR";
    bgcolor="lightgray";
    style="solid";
    penwidth="0.5";
    pad="0.0";
    nodesep="0.35";
    node [shape="ellipse" style="filled" fillcolor="honeydew" fontname="Verdana" penwidth="1.0" margin="0.05,0.0"];
    edge [minlen="2"]
    subgraph "cluster_focus" {
        bgcolor="#e6ecfa";
 label="main";
 labelloc="t";
 labeljust="c";
 fontsize="18";
        "blitter.com/go/hkexsh/hkexshd.main$1" [ fillcolor="lightblue" label="main$1" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexshd.main$2$1" [ fillcolor="lightblue" label="main$2$1" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexshd.runShellAs$4" [ fillcolor="lightblue" label="deferChaffShutdown" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexshd.main" [ fillcolor="lightblue" label="main" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexshd.main$2" [ fillcolor="lightblue" label="main$2" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexshd.GenAuthToken" [ fillcolor="lightblue" label="GenAuthToken" penwidth="1.5" ]
        "blitter.com/go/hkexsh/hkexshd.runShellAs" [ fillcolor="lightblue" label="runShellAs" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexshd.runShellAs$1" [ label="deferPtmxClose" style="dotted,filled" fillcolor="lightblue" ]
        "blitter.com/go/hkexsh/hkexshd.runShellAs$2" [ style="dotted,filled" fillcolor="lightblue" label="termResizeWatcher" ]
        "blitter.com/go/hkexsh/hkexshd.runShellAs$3" [ fillcolor="lightblue" label="stdinToPtyWorker" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexshd.runShellAs$5" [ fillcolor="lightblue" label="ptyToStdoutWorker" style="dotted,filled" ]
        "blitter.com/go/hkexsh/hkexshd.runClientToServerCopyAs" [ fillcolor="lightblue" label="runClientToServerCopyAs" penwidth="0.5" ]
        "blitter.com/go/hkexsh/hkexshd.runServerToClientCopyAs" [ fillcolor="lightblue" label="runServerToClientCopyAs" penwidth="0.5" ]
        subgraph "cluster_blitter.com/go/goutmp" {
        fontname="bold";
 rank="sink";
 tooltip="package: blitter.com/go/goutmp";
 penwidth="0.8";
 fillcolor="lightyellow";
 label="[goutmp]";
 URL="/?f=blitter.com/go/goutmp";
 fontsize="16";
 style="filled";
        "blitter.com/go/goutmp.Unput_utmp" [ label="Unput_utmp" penwidth="1.5" fillcolor="moccasin" ]
        "blitter.com/go/goutmp.GetHost" [ fillcolor="moccasin" label="GetHost" penwidth="1.5" ]
        "blitter.com/go/goutmp.Put_utmp" [ label="Put_utmp" penwidth="1.5" fillcolor="moccasin" ]
        "blitter.com/go/goutmp.Put_lastlog_entry" [ fillcolor="moccasin" label="Put_lastlog_entry" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/hkexsh" {
        fillcolor="lightyellow";
 label="[hkexsh]";
 tooltip="package: blitter.com/go/hkexsh";
 penwidth="0.8";
 style="filled";
 fontname="bold";
 rank="sink";
 URL="/?f=blitter.com/go/hkexsh";
 fontsize="16";
        "blitter.com/go/hkexsh.AuthUserByToken" [ label="AuthUserByToken" penwidth="1.5" fillcolor="moccasin" ]
        "blitter.com/go/hkexsh.AuthUserByPasswd" [ fillcolor="moccasin" label="AuthUserByPasswd" penwidth="1.5" ]
        subgraph "cluster_*blitter.com/go/hkexsh.Session" {
        fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*Session)";
 tooltip="type: *blitter.com/go/hkexsh.Session";
 penwidth="0.5";
        "(*blitter.com/go/hkexsh.Session).SetOp" [ fillcolor="moccasin" label="SetOp" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh.Session).SetWho" [ fillcolor="moccasin" label="SetWho" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh.Session).SetConnHost" [ penwidth="1.5" fillcolor="moccasin" label="SetConnHost" ]
        "(*blitter.com/go/hkexsh.Session).SetTermType" [ label="SetTermType" penwidth="1.5" fillcolor="moccasin" ]
        "(*blitter.com/go/hkexsh.Session).SetCmd" [ fillcolor="moccasin" label="SetCmd" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh.Session).SetAuthCookie" [ fillcolor="moccasin" label="SetAuthCookie" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh.Session).ClearAuthCookie" [ label="ClearAuthCookie" penwidth="1.5" fillcolor="moccasin" ]
    }
        subgraph "cluster_blitter.com/go/hkexsh.Session" {
        fillcolor="wheat2";
 label="(Session)";
 tooltip="type: blitter.com/go/hkexsh.Session";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
        "(blitter.com/go/hkexsh.Session).Op" [ fillcolor="moccasin" label="Op" penwidth="1.5" ]
        "(blitter.com/go/hkexsh.Session).Who" [ fillcolor="moccasin" label="Who" penwidth="1.5" ]
        "(blitter.com/go/hkexsh.Session).ConnHost" [ fillcolor="moccasin" label="ConnHost" penwidth="1.5" ]
        "(blitter.com/go/hkexsh.Session).Cmd" [ penwidth="1.5" fillcolor="moccasin" label="Cmd" ]
        "(blitter.com/go/hkexsh.Session).AuthCookie" [ fillcolor="moccasin" label="AuthCookie" penwidth="1.5" ]
        "(blitter.com/go/hkexsh.Session).TermType" [ fillcolor="moccasin" label="TermType" penwidth="1.5" ]
    }
    }
        subgraph "cluster_blitter.com/go/hkexsh/hkexnet" {
        fontsize="16";
 URL="/?f=blitter.com/go/hkexsh/hkexnet";
 rank="sink";
 label="[hkexnet]";
 tooltip="package: blitter.com/go/hkexsh/hkexnet";
 penwidth="0.8";
 style="filled";
 fillcolor="lightyellow";
 fontname="bold";
        "blitter.com/go/hkexsh/hkexnet.Init" [ fillcolor="moccasin" label="Init" penwidth="1.5" ]
        "blitter.com/go/hkexsh/hkexnet.Listen" [ fillcolor="moccasin" label="Listen" penwidth="1.5" ]
        subgraph "cluster_*blitter.com/go/hkexsh/hkexnet.Conn" {
        tooltip="type: *blitter.com/go/hkexsh/hkexnet.Conn";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*Conn)";
        "(*blitter.com/go/hkexsh/hkexnet.Conn).DisableChaff" [ fillcolor="moccasin" label="DisableChaff" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).ShutdownChaff" [ fillcolor="moccasin" label="ShutdownChaff" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).SetupChaff" [ fillcolor="moccasin" label="SetupChaff" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).Close" [ fillcolor="moccasin" label="Close" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).RemoteAddr" [ label="RemoteAddr" penwidth="1.5" fillcolor="moccasin" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).EnableChaff" [ fillcolor="moccasin" label="EnableChaff" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).SetStatus" [ fillcolor="moccasin" label="SetStatus" penwidth="1.5" ]
        "(*blitter.com/go/hkexsh/hkexnet.Conn).WritePacket" [ label="WritePacket" penwidth="1.5" fillcolor="moccasin" ]
    }
        subgraph "cluster_*blitter.com/go/hkexsh/hkexnet.HKExListener" {
        tooltip="type: *blitter.com/go/hkexsh/hkexnet.HKExListener";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*HKExListener)";
        "(*blitter.com/go/hkexsh/hkexnet.HKExListener).Accept" [ fillcolor="moccasin" label="Accept" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/hkexsh/hkexnet.Conn" {
        fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(Conn)";
 tooltip="type: blitter.com/go/hkexsh/hkexnet.Conn";
 penwidth="0.5";
 fontsize="15";
        "(blitter.com/go/hkexsh/hkexnet.Conn).Write" [ label="Write" penwidth="1.5" fillcolor="moccasin" ]
    }
        subgraph "cluster_blitter.com/go/hkexsh/hkexnet.HKExListener" {
        fillcolor="wheat2";
 label="(HKExListener)";
 tooltip="type: blitter.com/go/hkexsh/hkexnet.HKExListener";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
        "(blitter.com/go/hkexsh/hkexnet.HKExListener).Close" [ fillcolor="moccasin" label="Close" penwidth="1.5" ]
    }
    }
        subgraph "cluster_blitter.com/go/hkexsh/logger" {
        penwidth="0.8";
 fontsize="16";
 style="filled";
 rank="sink";
 fillcolor="lightyellow";
 fontname="bold";
 label="[logger]";
 URL="/?f=blitter.com/go/hkexsh/logger";
 tooltip="package: blitter.com/go/hkexsh/logger";
        "blitter.com/go/hkexsh/logger.LogNotice" [ fillcolor="moccasin" label="LogNotice" penwidth="1.5" ]
        "blitter.com/go/hkexsh/logger.New" [ fillcolor="moccasin" label="New" penwidth="1.5" ]
        "blitter.com/go/hkexsh/logger.LogErr" [ fillcolor="moccasin" label="LogErr" penwidth="1.5" ]
    }
        subgraph "cluster_github.com/kr/pty" {
        penwidth="0.8";
 fillcolor="lightyellow";
 tooltip="package: github.com/kr/pty";
 label="[pty]";
 URL="/?f=github.com/kr/pty";
 fontsize="16";
 style="filled";
 fontname="bold";
 rank="sink";
        "github.com/kr/pty.Start" [ label="Start" penwidth="1.5" fillcolor="moccasin" ]
        "github.com/kr/pty.Setsize" [ fillcolor="moccasin" label="Setsize" penwidth="1.5" ]
    }
    }
    "blitter.com/go/hkexsh/hkexshd.main$1" -> "blitter.com/go/hkexsh/logger.LogNotice" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2$1" -> "blitter.com/go/goutmp.Unput_utmp" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs$4" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).DisableChaff" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs$4" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).ShutdownChaff" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main" -> "blitter.com/go/hkexsh/logger.New" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main" -> "blitter.com/go/hkexsh/hkexnet.Init" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main" -> "blitter.com/go/hkexsh/hkexshd.main$1" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/hkexsh/hkexshd.main" -> "blitter.com/go/hkexsh/hkexnet.Listen" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main" -> "(blitter.com/go/hkexsh/hkexnet.HKExListener).Close" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main" -> "(*blitter.com/go/hkexsh/hkexnet.HKExListener).Accept" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).SetupChaff" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).Close" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh.Session).SetOp" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh.Session).SetWho" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh.Session).SetConnHost" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh.Session).SetTermType" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh.Session).SetCmd" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh.Session).SetAuthCookie" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(blitter.com/go/hkexsh.Session).Op" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(blitter.com/go/hkexsh.Session).Who" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(blitter.com/go/hkexsh.Session).ConnHost" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(blitter.com/go/hkexsh.Session).Cmd" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(blitter.com/go/hkexsh.Session).AuthCookie" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh.AuthUserByToken" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh.Session).ClearAuthCookie" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh.AuthUserByPasswd" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(blitter.com/go/hkexsh/hkexnet.Conn).Write" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh/logger.LogNotice" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).RemoteAddr" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/goutmp.GetHost" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh/hkexshd.GenAuthToken" [  ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(blitter.com/go/hkexsh.Session).TermType" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs" -> "github.com/kr/pty.Start" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs" -> "blitter.com/go/hkexsh/hkexshd.runShellAs$1" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs$2" -> "github.com/kr/pty.Setsize" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs" -> "blitter.com/go/hkexsh/hkexshd.runShellAs$2" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs" -> "blitter.com/go/hkexsh/hkexshd.runShellAs$3" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).EnableChaff" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs" -> "blitter.com/go/hkexsh/hkexshd.runShellAs$4" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs" -> "blitter.com/go/hkexsh/hkexshd.runShellAs$5" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/hkexsh/hkexshd.runShellAs" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh/hkexshd.runShellAs" [  ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh/logger.LogErr" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/goutmp.Put_utmp" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh/hkexshd.main$2$1" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/goutmp.Put_lastlog_entry" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runClientToServerCopyAs" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).EnableChaff" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runClientToServerCopyAs" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).DisableChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runClientToServerCopyAs" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).ShutdownChaff" [ color="saddlebrown" arrowhead="normalnoneodiamond" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh/hkexshd.runClientToServerCopyAs" [  ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runServerToClientCopyAs" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).EnableChaff" [ color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runServerToClientCopyAs" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).DisableChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.runServerToClientCopyAs" -> "(*blitter.com/go/hkexsh/hkexnet.Conn).ShutdownChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/hkexsh/hkexshd.main$2" -> "blitter.com/go/hkexsh/hkexshd.runServerToClientCopyAs" [  ]
    "blitter.com/go/hkexsh/hkexshd.main" -> "blitter.com/go/hkexsh/hkexshd.main$2" [ arrowhead="normalnoneodot" ]
 }
--- a/hkexsession.go
+++ b/hkexsession.go
@ -1,8 +1,8 @@
-package hkexsh
+package xs
-// Package hkexsh - a secure terminal client/server written from scratch in Go
+// Package xs - a secure terminal client/server written from scratch in Go
 //
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
@ -28,7 +28,7 @@ type Session struct {
 // Output Session record as a string. Implements Stringer interface.
 func (h *Session) String() string {
-	return fmt.Sprintf("hkexsh.Session:\nOp:%v\nWho:%v\nCmd:%v\nAuthCookie:%v\nStatus:%v",
+	return fmt.Sprintf("xs.Session:\nOp:%v\nWho:%v\nCmd:%v\nAuthCookie:%v\nStatus:%v",
 		h.op, h.who, h.cmd, h.AuthCookie(false), h.status)
 }
--- a/termmode_unix.go
+++ b/termmode_unix.go
@ -1,6 +1,6 @@
 // +build linux
-package hkexsh
+package xs
 import (
 	"errors"
@ -12,7 +12,7 @@ import (
 /* -------------
 * minimal terminal APIs brought in from ssh/terminal
 * (they have no real business being there as they aren't specific to
- * ssh, but as of Go v1.10, early 2018, core go stdlib hasn't yet done
+ * ssh, but as of Go v1.10, late 2019, core go stdlib hasn't yet done
 * the planned terminal lib reorgs.)
 * ------------- */
--- a/termmode_windows.go
+++ b/termmode_windows.go
@ -1,7 +1,7 @@
 // +build windows
 //
 // Note the terminal manipulation functions herein are mostly stubs. They
-// don't really do anything and the hkexsh demo client depends on a wrapper
+// don't really do anything and the xs demo client depends on a wrapper
 // script using the 'stty' tool to actually set the proper mode for
 // password login and raw mode required, then restoring it upon logout/exit.
 //
@ -12,7 +12,7 @@
 // here; the wrapper does the bare minimum to make the client workable
 // under MSYS+mintty which is what I use.
-package hkexsh
+package xs
 import (
 	"io"
--- a/viz_hkexsh_dot.png
+++ b/viz_hkexsh_dot.png
--- a/hkexsh/Makefile
+++ b/hkexsh/Makefile
@ -11,8 +11,8 @@ clean:
 	$(RM) $(EXE) $(EXE).exe
 vis:
-	go-callvis -file hkexsh-vis -format png -ignore $(EXTPKGS) -group pkg,type .
+	go-callvis -file xs-vis -format png -ignore $(EXTPKGS) -group pkg,type .
-	../fixup-gv.sh hkexsh.go && cat hkexsh-vis.gv | dot -Tpng -ohkexsh-vis-fixedup.png
+	../fixup-gv.sh xs.go && cat xs-vis.gv | dot -Tpng -oxs-vis-fixedup.png
 lint:
 	-gometalinter --deadline=60s | sort
--- a/hkexsh/mintty_wrapper.sh
+++ b/hkexsh/mintty_wrapper.sh
--- a/hkexsh/termsize_linux.go
+++ b/hkexsh/termsize_linux.go
@ -9,11 +9,11 @@ import (
 	"os/signal"
 	"syscall"
-	"blitter.com/go/hkexsh/hkexnet"
+	"blitter.com/go/xs/xsnet"
 )
 // Handle pty resizes (notify server side)
-func handleTermResizes(conn *hkexnet.Conn) {
+func handleTermResizes(conn *xsnet.Conn) {
 	ch := make(chan os.Signal, 1)
 	signal.Notify(ch, syscall.SIGWINCH)
 	wg.Add(1)
@ -30,7 +30,7 @@ func handleTermResizes(conn *hkexnet.Conn) {
 				log.Println(err)
 			}
 			termSzPacket := fmt.Sprintf("%d %d", rows, cols)
-			conn.WritePacket([]byte(termSzPacket), hkexnet.CSOTermSize) // nolint: errcheck,gosec
+			conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize) // nolint: errcheck,gosec
 		}
 	}()
 	ch <- syscall.SIGWINCH // Initial resize.
--- a/hkexsh/termsize_windows.go
+++ b/hkexsh/termsize_windows.go
@ -6,11 +6,11 @@ import (
 	"log"
 	"time"
-	"blitter.com/go/hkexsh/hkexnet"
+	"blitter.com/go/xs/xsnet"
 )
 // Handle pty resizes (notify server side)
-func handleTermResizes(conn *hkexnet.Conn) {
+func handleTermResizes(conn *xsnet.Conn) {
 	var hasStty bool
 	curCols, curRows := 0, 0
 	_, _, err := GetSize()
@ -57,7 +57,7 @@ func handleTermResizes(conn *hkexnet.Conn) {
 					log.Println(err)
 				}
 				termSzPacket := fmt.Sprintf("%d %d", curRows, curCols)
-				conn.WritePacket([]byte(termSzPacket), hkexnet.CSOTermSize)
+				conn.WritePacket([]byte(termSzPacket), xsnet.CSOTermSize)
 			}
 		}
 	}()
--- a/xs/xs-vis-fixedup.png
+++ b/xs/xs-vis-fixedup.png
--- a/xs/xs-vis.gv
+++ b/xs/xs-vis.gv
@ -0,0 +1,549 @@
 digraph gocallvis {
    label="blitter.com/go/xs/xs";
    labeljust="l";
    fontname="Arial";
    fontsize="14";
    rankdir="LR";
    bgcolor="lightgray";
    style="solid";
    penwidth="0.5";
    pad="0.0";
    nodesep="0.35";
    node [shape="ellipse" style="filled" fillcolor="honeydew" fontname="Verdana" penwidth="1.0" margin="0.05,0.0"];
    edge [minlen="2"]
    subgraph "cluster_focus" {
        bgcolor="#e6ecfa";
 label="main";
 labelloc="t";
 labeljust="c";
 fontsize="18";
        "blitter.com/go/xs/xs.reqTunnel" [ fillcolor="lightblue" label="reqTunnel" penwidth="0.5" ]
        "blitter.com/go/xs/xs.launchTuns" [ label="launchTuns" penwidth="0.5" fillcolor="lightblue" ]
        "blitter.com/go/xs/xs.main$3" [ fillcolor="lightblue" label="main$3" style="dotted,filled" ]
        "blitter.com/go/xs/xs.doCopyMode" [ fillcolor="lightblue" label="doCopyMode" penwidth="0.5" ]
        "blitter.com/go/xs/xs.copyBuffer" [ fillcolor="lightblue" label="copyBuffer" penwidth="0.5" ]
        "blitter.com/go/xs/xs.copyBuffer$1" [ label="copyBuffer$1" style="dotted,filled" fillcolor="lightblue" ]
        "blitter.com/go/xs/xs.copyBuffer$2" [ label="copyBuffer$2" style="dotted,filled" fillcolor="lightblue" ]
        "blitter.com/go/xs/xs.copyBuffer$3" [ fillcolor="lightblue" label="copyBuffer$3" style="dotted,filled" ]
        "blitter.com/go/xs/xs.Copy" [ label="Copy" penwidth="1.5" fillcolor="lightblue" ]
        "blitter.com/go/xs/xs.doShellMode$1" [ fillcolor="lightblue" label="shellRemoteToStdin" style="dotted,filled" ]
        "blitter.com/go/xs/xs.doShellMode$1$1" [ fillcolor="lightblue" label="doShellMode$1$1" style="dotted,filled" ]
        "blitter.com/go/xs/xs.exitWithStatus" [ fillcolor="lightblue" label="exitWithStatus" penwidth="0.5" ]
        "blitter.com/go/xs/xs.doShellMode" [ label="doShellMode" penwidth="0.5" fillcolor="lightblue" ]
        "blitter.com/go/xs/xs.handleTermResizes$1" [ fillcolor="lightblue" label="handleTermResizes$1" style="dotted,filled" ]
        "blitter.com/go/xs/xs.GetSize" [ fillcolor="lightblue" label="GetSize" penwidth="1.5" ]
        "blitter.com/go/xs/xs.handleTermResizes" [ label="handleTermResizes" penwidth="0.5" fillcolor="lightblue" ]
        "blitter.com/go/xs/xs.doShellMode$2$1" [ fillcolor="lightblue" label="doShellMode$2$1" style="dotted,filled" ]
        "blitter.com/go/xs/xs.doShellMode$2" [ fillcolor="lightblue" label="shellStdinToRemote" style="dotted,filled" ]
        "blitter.com/go/xs/xs.sendSessionParams" [ fillcolor="lightblue" label="sendSessionParams" penwidth="0.5" ]
        "blitter.com/go/xs/xs.main" [ label="main" penwidth="0.5" fillcolor="lightblue" ]
        "blitter.com/go/xs/xs.parseNonSwitchArgs" [ fillcolor="lightblue" label="parseNonSwitchArgs" penwidth="0.5" ]
        "blitter.com/go/xs/xs.main$1" [ fillcolor="lightblue" label="deferRestore" style="dotted,filled" ]
        "blitter.com/go/xs/xs.main$2" [ fillcolor="lightblue" label="deferCloseChaff" style="dotted,filled" ]
        "blitter.com/go/xs/xs.rejectUserMsg" [ fillcolor="lightblue" label="rejectUserMsg" penwidth="0.5" ]
        "blitter.com/go/xs/xs.usageShell" [ fillcolor="lightblue" label="usageShell" penwidth="0.5" ]
        "blitter.com/go/xs/xs.usageCp" [ label="usageCp" penwidth="0.5" fillcolor="lightblue" ]
        subgraph "cluster_blitter.com/go/xs" {
        penwidth="0.8";
 style="filled";
 rank="sink";
 tooltip="package: blitter.com/go/xs";
 fontsize="16";
 fillcolor="lightyellow";
 fontname="bold";
 label="[xs]";
 URL="/?f=blitter.com/go/xs";
        "blitter.com/go/xs.Restore" [ fillcolor="moccasin" label="Restore" penwidth="1.5" ]
        "blitter.com/go/xs.MakeRaw" [ penwidth="1.5" fillcolor="moccasin" label="MakeRaw" ]
        "blitter.com/go/xs.ReadPassword" [ fillcolor="moccasin" label="ReadPassword" penwidth="1.5" ]
        "blitter.com/go/xs.NewSession" [ fillcolor="moccasin" label="NewSession" penwidth="1.5" ]
        subgraph "cluster_*blitter.com/go/xs.Session" {
        fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*Session)";
 tooltip="type: *blitter.com/go/xs.Session";
 penwidth="0.5";
        "(*blitter.com/go/xs.Session).SetStatus" [ fillcolor="moccasin" label="SetStatus" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/xs.Session" {
        style="rounded,filled";
 fillcolor="wheat2";
 label="(Session)";
 tooltip="type: blitter.com/go/xs.Session";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
        "(blitter.com/go/xs.Session).Cmd" [ fillcolor="moccasin" label="Cmd" penwidth="1.5" ]
        "(blitter.com/go/xs.Session).Status" [ penwidth="1.5" fillcolor="moccasin" label="Status" ]
        "(blitter.com/go/xs.Session).Op" [ fillcolor="moccasin" label="Op" penwidth="1.5" ]
        "(blitter.com/go/xs.Session).Who" [ fillcolor="moccasin" label="Who" penwidth="1.5" ]
        "(blitter.com/go/xs.Session).ConnHost" [ fillcolor="moccasin" label="ConnHost" penwidth="1.5" ]
        "(blitter.com/go/xs.Session).TermType" [ fillcolor="moccasin" label="TermType" penwidth="1.5" ]
        "(blitter.com/go/xs.Session).AuthCookie" [ label="AuthCookie" penwidth="1.5" fillcolor="moccasin" ]
    }
    }
        subgraph "cluster_blitter.com/go/xs/logger" {
        fontsize="16";
 URL="/?f=blitter.com/go/xs/logger";
 penwidth="0.8";
 style="filled";
 fillcolor="lightyellow";
 fontname="bold";
 rank="sink";
 label="[logger]";
 tooltip="package: blitter.com/go/xs/logger";
        "blitter.com/go/xs/logger.LogDebug" [ fillcolor="moccasin" label="LogDebug" penwidth="1.5" ]
        "blitter.com/go/xs/logger.New" [ fillcolor="moccasin" label="New" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/xs/spinsult" {
        fillcolor="lightyellow";
 fontname="bold";
 label="[spinsult]";
 URL="/?f=blitter.com/go/xs/spinsult";
 tooltip="package: blitter.com/go/xs/spinsult";
 penwidth="0.8";
 fontsize="16";
 style="filled";
 rank="sink";
        "blitter.com/go/xs/spinsult.GetSentence" [ fillcolor="moccasin" label="GetSentence" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/xs/xsnet" {
        penwidth="0.8";
 fillcolor="lightyellow";
 fontname="bold";
 rank="sink";
 URL="/?f=blitter.com/go/xs/xsnet";
 fontsize="16";
 style="filled";
 label="[xsnet]";
 tooltip="package: blitter.com/go/xs/xsnet";
        "blitter.com/go/xs/xsnet.Init" [ fillcolor="moccasin" label="Init" penwidth="1.5" ]
        "blitter.com/go/xs/xsnet.Dial" [ label="Dial" penwidth="1.5" fillcolor="moccasin" ]
        subgraph "cluster_*blitter.com/go/xs/xsnet.Conn" {
        fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*Conn)";
 tooltip="type: *blitter.com/go/xs/xsnet.Conn";
 penwidth="0.5";
 fontsize="15";
        "(*blitter.com/go/xs/xsnet.Conn).WritePacket" [ penwidth="1.5" fillcolor="moccasin" label="WritePacket" ]
        "(*blitter.com/go/xs/xsnet.Conn).SetStatus" [ fillcolor="moccasin" label="SetStatus" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).Close" [ penwidth="1.5" fillcolor="moccasin" label="Close" ]
        "(*blitter.com/go/xs/xsnet.Conn).SetupChaff" [ penwidth="1.5" fillcolor="moccasin" label="SetupChaff" ]
        "(*blitter.com/go/xs/xsnet.Conn).EnableChaff" [ fillcolor="moccasin" label="EnableChaff" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).DisableChaff" [ fillcolor="moccasin" label="DisableChaff" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).ShutdownChaff" [ fillcolor="moccasin" label="ShutdownChaff" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/xs/xsnet.Conn" {
        labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(Conn)";
 tooltip="type: blitter.com/go/xs/xsnet.Conn";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
        "(blitter.com/go/xs/xsnet.Conn).Read" [ label="Read" penwidth="1.5" fillcolor="moccasin" ]
        "(blitter.com/go/xs/xsnet.Conn).GetStatus" [ fillcolor="moccasin" label="GetStatus" penwidth="1.5" ]
        "(blitter.com/go/xs/xsnet.Conn).Write" [ label="Write" penwidth="1.5" fillcolor="moccasin" ]
    }
    }
        subgraph "cluster_compress/flate" {
        fontsize="16";
 fillcolor="#E0FFE1";
 label="[compress/flate]";
 URL="/?f=compress/flate";
 penwidth="0.8";
 style="filled";
 fontname="bold";
 rank="sink";
 tooltip="package: compress/flate";
        subgraph "cluster_compress/flate.CorruptInputError" {
        tooltip="type: compress/flate.CorruptInputError";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(CorruptInputError)";
        "(compress/flate.CorruptInputError).Error" [ penwidth="1.5" fillcolor="#adedad" label="Error" ]
    }
        subgraph "cluster_compress/flate.InternalError" {
        fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(InternalError)";
 tooltip="type: compress/flate.InternalError";
 penwidth="0.5";
        "(compress/flate.InternalError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
    }
        subgraph "cluster_context" {
        fontsize="16";
 style="filled";
 penwidth="0.8";
 fontname="bold";
 rank="sink";
 label="[context]";
 URL="/?f=context";
 tooltip="package: context";
 fillcolor="#E0FFE1";
        subgraph "cluster_context.deadlineExceededError" {
        fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(deadlineExceededError)";
 tooltip="type: context.deadlineExceededError";
 penwidth="0.5";
        "(context.deadlineExceededError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
    }
        subgraph "cluster_crypto/aes" {
        style="filled";
 fillcolor="#E0FFE1";
 rank="sink";
 label="[crypto/aes]";
 penwidth="0.8";
 fontsize="16";
 fontname="bold";
 URL="/?f=crypto/aes";
 tooltip="package: crypto/aes";
        subgraph "cluster_crypto/aes.KeySizeError" {
        fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(KeySizeError)";
 tooltip="type: crypto/aes.KeySizeError";
 penwidth="0.5";
 fontsize="15";
        "(crypto/aes.KeySizeError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
    }
        subgraph "cluster_crypto/tls" {
        tooltip="package: crypto/tls";
 fontsize="16";
 style="filled";
 fontname="bold";
 rank="sink";
 label="[crypto/tls]";
 URL="/?f=crypto/tls";
 penwidth="0.8";
 fillcolor="#E0FFE1";
        subgraph "cluster_crypto/tls.RecordHeaderError" {
        fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(RecordHeaderError)";
 tooltip="type: crypto/tls.RecordHeaderError";
 penwidth="0.5";
 fontsize="15";
        "(crypto/tls.RecordHeaderError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
        subgraph "cluster_crypto/tls.alert" {
        penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(alert)";
 tooltip="type: crypto/tls.alert";
        "(crypto/tls.alert).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
    }
        subgraph "cluster_crypto/x509" {
        penwidth="0.8";
 tooltip="package: crypto/x509";
 fontsize="16";
 style="filled";
 fillcolor="#E0FFE1";
 fontname="bold";
 rank="sink";
 label="[crypto/x509]";
 URL="/?f=crypto/x509";
        subgraph "cluster_crypto/x509.CertificateInvalidError" {
        penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(CertificateInvalidError)";
 tooltip="type: crypto/x509.CertificateInvalidError";
        "(crypto/x509.CertificateInvalidError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
        subgraph "cluster_crypto/x509.HostnameError" {
        labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(HostnameError)";
 tooltip="type: crypto/x509.HostnameError";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
        "(crypto/x509.HostnameError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
        subgraph "cluster_crypto/x509.SystemRootsError" {
        fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(SystemRootsError)";
 tooltip="type: crypto/x509.SystemRootsError";
 penwidth="0.5";
        "(crypto/x509.SystemRootsError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
        subgraph "cluster_crypto/x509.UnhandledCriticalExtension" {
        style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(UnhandledCriticalExtension)";
 tooltip="type: crypto/x509.UnhandledCriticalExtension";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
        "(crypto/x509.UnhandledCriticalExtension).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
        subgraph "cluster_crypto/x509.UnknownAuthorityError" {
        style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(UnknownAuthorityError)";
 tooltip="type: crypto/x509.UnknownAuthorityError";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
        "(crypto/x509.UnknownAuthorityError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
    }
        subgraph "cluster_github.com/mattn/go-isatty" {
        fontname="bold";
 penwidth="0.8";
 fillcolor="lightyellow";
 rank="sink";
 label="[isatty]";
 URL="/?f=github.com/mattn/go-isatty";
 tooltip="package: github.com/mattn/go-isatty";
 fontsize="16";
 style="filled";
        "github.com/mattn/go-isatty.IsTerminal" [ label="IsTerminal" penwidth="1.5" fillcolor="moccasin" ]
    }
        subgraph "cluster_github.com/pkg/errors" {
        style="filled";
 fillcolor="lightyellow";
 URL="/?f=github.com/pkg/errors";
 rank="sink";
 label="[errors]";
 tooltip="package: github.com/pkg/errors";
 penwidth="0.8";
 fontsize="16";
 fontname="bold";
        subgraph "cluster_*github.com/pkg/errors.fundamental" {
        label="(*fundamental)";
 tooltip="type: *github.com/pkg/errors.fundamental";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
        "(*github.com/pkg/errors.fundamental).Error" [ penwidth="1.5" fillcolor="moccasin" label="Error" ]
    }
    }
        subgraph "cluster_math/rand" {
        penwidth="0.8";
 fillcolor="#E0FFE1";
 rank="sink";
 URL="/?f=math/rand";
 fontsize="16";
 style="filled";
 fontname="bold";
 label="[math/rand]";
 tooltip="package: math/rand";
        "math/rand.Intn" [ fillcolor="#adedad" label="Intn" penwidth="1.5" ]
    }
    }
    "blitter.com/go/xs/xs.reqTunnel" -> "blitter.com/go/xs/logger.LogDebug" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.reqTunnel" -> "(*blitter.com/go/xs/xsnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.launchTuns" -> "blitter.com/go/xs/xs.reqTunnel" [  ]
    "blitter.com/go/xs/xs.main$3" -> "math/rand.Intn" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main$3" -> "(*blitter.com/go/xs/xsnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doCopyMode" -> "(blitter.com/go/xs.Session).Cmd" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doCopyMode" -> "(*blitter.com/go/xs/xsnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doCopyMode" -> "(blitter.com/go/xs/xsnet.Conn).Read" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doCopyMode" -> "(*blitter.com/go/xs/xsnet.Conn).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doCopyMode" -> "(blitter.com/go/xs/xsnet.Conn).GetStatus" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.copyBuffer" -> "(blitter.com/go/xs/xsnet.Conn).Write" [ color="saddlebrown" style="dashed" ]
    "blitter.com/go/xs/xs.copyBuffer" -> "blitter.com/go/xs/xs.copyBuffer$1" [ style="dashed" ]
    "blitter.com/go/xs/xs.copyBuffer" -> "blitter.com/go/xs/xs.copyBuffer$2" [ style="dashed" ]
    "blitter.com/go/xs/xs.copyBuffer" -> "blitter.com/go/xs/xs.copyBuffer$3" [ style="dashed" ]
    "blitter.com/go/xs/xs.Copy" -> "blitter.com/go/xs/xs.copyBuffer" [  ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "blitter.com/go/xs/xs.doShellMode$1$1" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "blitter.com/go/xs.Restore" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(blitter.com/go/xs/xsnet.Conn).GetStatus" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(*blitter.com/go/xs.Session).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(blitter.com/go/xs.Session).Status" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "blitter.com/go/xs/xs.exitWithStatus" [  ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(crypto/x509.CertificateInvalidError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(crypto/aes.KeySizeError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(crypto/x509.HostnameError).Error" [ color="saddlebrown" style="dashed" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(crypto/x509.UnhandledCriticalExtension).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(context.deadlineExceededError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(compress/flate.CorruptInputError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(crypto/tls.RecordHeaderError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(crypto/x509.UnknownAuthorityError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(crypto/x509.SystemRootsError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(compress/flate.InternalError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(crypto/tls.alert).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$1" -> "(*github.com/pkg/errors.fundamental).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode" -> "blitter.com/go/xs/xs.doShellMode$1" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xs.handleTermResizes$1" -> "blitter.com/go/xs/xs.GetSize" [  ]
    "blitter.com/go/xs/xs.handleTermResizes$1" -> "(*blitter.com/go/xs/xsnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.handleTermResizes" -> "blitter.com/go/xs/xs.handleTermResizes$1" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xs.doShellMode" -> "blitter.com/go/xs/xs.handleTermResizes" [  ]
    "blitter.com/go/xs/xs.doShellMode$2$1" -> "blitter.com/go/xs/xs.Copy" [  ]
    "blitter.com/go/xs/xs.doShellMode$2" -> "blitter.com/go/xs/xs.doShellMode$2$1" [  ]
    "blitter.com/go/xs/xs.doShellMode$2" -> "blitter.com/go/xs.Restore" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.doShellMode$2" -> "blitter.com/go/xs/xs.exitWithStatus" [  ]
    "blitter.com/go/xs/xs.doShellMode" -> "blitter.com/go/xs/xs.doShellMode$2" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xs.sendSessionParams" -> "(blitter.com/go/xs.Session).Op" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.sendSessionParams" -> "(blitter.com/go/xs.Session).Who" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.sendSessionParams" -> "(blitter.com/go/xs.Session).ConnHost" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.sendSessionParams" -> "(blitter.com/go/xs.Session).TermType" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.sendSessionParams" -> "(blitter.com/go/xs.Session).Cmd" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.sendSessionParams" -> "(blitter.com/go/xs.Session).AuthCookie" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.sendSessionParams" -> "(blitter.com/go/xs/xsnet.Conn).Write" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.parseNonSwitchArgs" [  ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.main$1" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.exitWithStatus" [  ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/logger.New" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xsnet.Init" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xsnet.Dial" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "(*blitter.com/go/xs/xsnet.Conn).Close" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "github.com/mattn/go-isatty.IsTerminal" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs.MakeRaw" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main$2" -> "blitter.com/go/xs.Restore" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.main$2" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs.ReadPassword" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs.NewSession" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.sendSessionParams" [  ]
    "blitter.com/go/xs/xs.main" -> "(blitter.com/go/xs/xsnet.Conn).Read" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "(*blitter.com/go/xs.Session).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.rejectUserMsg" -> "blitter.com/go/xs/spinsult.GetSentence" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.rejectUserMsg" [  ]
    "blitter.com/go/xs/xs.main" -> "(*blitter.com/go/xs/xsnet.Conn).SetupChaff" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "(*blitter.com/go/xs/xsnet.Conn).EnableChaff" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "(*blitter.com/go/xs/xsnet.Conn).DisableChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "(*blitter.com/go/xs/xsnet.Conn).ShutdownChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.main$3" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.launchTuns" [  ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.doShellMode" [  ]
    "blitter.com/go/xs/xs.main" -> "(blitter.com/go/xs.Session).Status" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.doCopyMode" [  ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs.Restore" [ color="saddlebrown" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.usageShell" [ style="dashed" ]
    "blitter.com/go/xs/xs.main" -> "blitter.com/go/xs/xs.usageCp" [ style="dashed" ]
 }
--- a/hkexsh/hkexsh.go
+++ b/hkexsh/hkexsh.go
@ -1,4 +1,4 @@
-// hkexsh client
+// xs client
 //
 // Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
@ -33,10 +33,10 @@ import (
 	"net/http"
 	_ "net/http/pprof"
-	hkexsh "blitter.com/go/hkexsh"
+	xs "blitter.com/go/xs"
-	"blitter.com/go/hkexsh/hkexnet"
+	"blitter.com/go/xs/xsnet"
-	"blitter.com/go/hkexsh/logger"
+	"blitter.com/go/xs/logger"
-	"blitter.com/go/hkexsh/spinsult"
+	"blitter.com/go/xs/spinsult"
 	isatty "github.com/mattn/go-isatty"
 )
@ -110,7 +110,7 @@ type (
 // some client escape sequences to trigger special actions during
 // interactive sessions.
 //
-// (See go doc hkexsh/hkexsh.{escSeqs,escHandler})
+// (See go doc xs/xs.{escSeqs,escHandler})
 func Copy(dst io.Writer, src io.Reader) (written int64, err error) {
 	written, err = copyBuffer(dst, src, nil)
 	return
@ -123,7 +123,7 @@ func Copy(dst io.Writer, src io.Reader) (written int64, err error) {
 // go stdlib pkg/io, with escape sequence interpretation to trigger
 // some special client-side actions.
 //
-// (See go doc hkexsh/hkexsh.{escSeqs,escHandler})
+// (See go doc xs/xs.{escSeqs,escHandler})
 func copyBuffer(dst io.Writer, src io.Reader, buf []byte) (written int64, err error) {
 	// NOTE: using dst.Write() in these esc funcs will cause the output
 	// to function as a 'macro', outputting as if user typed the sequence
@ -240,10 +240,10 @@ func GetSize() (cols, rows int, err error) {
 	return
 }
-// doCopyMode begins a secure hkexsh local<->remote file copy operation.
+// doCopyMode begins a secure xs local<->remote file copy operation.
 //
 // TODO: reduce gocyclo
-func doCopyMode(conn *hkexnet.Conn, remoteDest bool, files string, rec *hkexsh.Session) (exitStatus uint32, err error) {
+func doCopyMode(conn *xsnet.Conn, remoteDest bool, files string, rec *xs.Session) (exitStatus uint32, err error) {
 	if remoteDest {
 		log.Println("local files:", files, "remote filepath:", string(rec.Cmd()))
@ -328,7 +328,7 @@ func doCopyMode(conn *hkexnet.Conn, remoteDest bool, files string, rec *hkexsh.S
 			log.Println("Sending local exitStatus:", exitStatus)
 			r := make([]byte, 4)
 			binary.BigEndian.PutUint32(r, exitStatus)
-			_, we := conn.WritePacket(r, hkexnet.CSOExitStatus)
+			_, we := conn.WritePacket(r, xsnet.CSOExitStatus)
 			if we != nil {
 				fmt.Println("Error:", we)
 			}
@ -398,9 +398,9 @@ func doCopyMode(conn *hkexnet.Conn, remoteDest bool, files string, rec *hkexsh.S
 	return
 }
-// doShellMode begins an hkexsh shell session (one-shot command or
+// doShellMode begins an xs shell session (one-shot command or
 // interactive).
-func doShellMode(isInteractive bool, conn *hkexnet.Conn, oldState *hkexsh.State, rec *hkexsh.Session) {
+func doShellMode(isInteractive bool, conn *xsnet.Conn, oldState *xs.State, rec *xs.Session) {
 	//client reader (from server) goroutine
 	//Read remote end's stdout
@ -420,7 +420,7 @@ func doShellMode(isInteractive bool, conn *hkexnet.Conn, oldState *hkexsh.State,
 		// exit with inerr == nil
 		_, inerr := io.Copy(os.Stdout, conn)
 		if inerr != nil {
-			_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) // #nosec
+			_ = xs.Restore(int(os.Stdin.Fd()), oldState) // #nosec
 			// Copy operations and user logging off will cause
 			// a "use of closed network connection" so handle that
 			// gracefully here
@ -435,7 +435,7 @@ func doShellMode(isInteractive bool, conn *hkexnet.Conn, oldState *hkexsh.State,
 		if isInteractive {
 			log.Println("[* Got EOF *]")
-			_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) // #nosec
+			_ = xs.Restore(int(os.Stdin.Fd()), oldState) // #nosec
 			exitWithStatus(int(rec.Status()))
 		}
 	}
@ -453,7 +453,7 @@ func doShellMode(isInteractive bool, conn *hkexnet.Conn, oldState *hkexsh.State,
 		// TODO:.gv:doShellMode:2:shellStdinToRemote
 		shellStdinToRemote := func() {
 			defer wg.Done()
-			_, outerr := func(conn *hkexnet.Conn, r io.Reader) (w int64, e error) {
+			_, outerr := func(conn *xsnet.Conn, r io.Reader) (w int64, e error) {
 				// Copy() expects EOF so this will
 				// exit with outerr == nil
 				w, e = Copy(conn, r)
@ -463,7 +463,7 @@ func doShellMode(isInteractive bool, conn *hkexnet.Conn, oldState *hkexsh.State,
 			if outerr != nil {
 				log.Println(outerr)
 				fmt.Println(outerr)
-				_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) // #nosec
+				_ = xs.Restore(int(os.Stdin.Fd()), oldState) // #nosec
 				log.Println("[Hanging up]")
 				exitWithStatus(0)
 			}
@ -500,8 +500,8 @@ func rejectUserMsg() string {
 // Transmit request to server for it to set up the remote end of a tunnel
 //
 // Server responds with [CSOTunAck:rport] or [CSOTunRefused:rport]
-// (handled in hkexnet.Read())
+// (handled in xsnet.Read())
-func reqTunnel(hc *hkexnet.Conn, lp uint16, p string /*net.Addr*/, rp uint16) {
+func reqTunnel(hc *xsnet.Conn, lp uint16, p string /*net.Addr*/, rp uint16) {
 	// Write request to server so it can attempt to set up its end
 	var bTmp bytes.Buffer
 	if e := binary.Write(&bTmp, binary.BigEndian, lp); e != nil {
@ -511,7 +511,7 @@ func reqTunnel(hc *hkexnet.Conn, lp uint16, p string /*net.Addr*/, rp uint16) {
 		fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck
 	}
 	_ = logger.LogDebug(fmt.Sprintln("[Client sending CSOTunSetup]")) // nolint: gosec
-	if n, e := hc.WritePacket(bTmp.Bytes(), hkexnet.CSOTunSetup); e != nil || n != len(bTmp.Bytes()) {
+	if n, e := hc.WritePacket(bTmp.Bytes(), xsnet.CSOTunSetup); e != nil || n != len(bTmp.Bytes()) {
 		fmt.Fprintln(os.Stderr, "reqTunnel:", e) // nolint: errcheck
 	}
 }
@ -551,7 +551,7 @@ func parseNonSwitchArgs(a []string) (user, host, path string, isDest bool, other
 	return fancyUser, fancyHost, fancyPath, isDest, otherArgs
 }
-func launchTuns(conn *hkexnet.Conn, remoteHost string, tuns string) {
+func launchTuns(conn *xsnet.Conn, remoteHost string, tuns string) {
 	remAddrs, _ := net.LookupHost(remoteHost) // nolint: gosec
 	if tuns == "" {
@ -566,7 +566,7 @@ func launchTuns(conn *hkexnet.Conn, remoteHost string, tuns string) {
 	}
 }
-func sendSessionParams(conn io.Writer /* *hkexnet.Conn*/, rec *hkexsh.Session) (e error) {
+func sendSessionParams(conn io.Writer /* *xsnet.Conn*/, rec *xs.Session) (e error) {
 	_, e = fmt.Fprintf(conn, "%d %d %d %d %d %d\n",
 		len(rec.Op()), len(rec.Who()), len(rec.ConnHost()), len(rec.TermType()), len(rec.Cmd()), len(rec.AuthCookie(true)))
 	if e != nil {
@ -641,7 +641,7 @@ func main() {
 	// Find out what program we are (shell or copier)
 	myPath := strings.Split(os.Args[0], string(os.PathSeparator))
 	if myPath[len(myPath)-1] != "hkexcp" && myPath[len(myPath)-1] != "hkexcp.exe" {
-		// hkexsh accepts a command (-x) but not
+		// xs accepts a command (-x) but not
 		// a srcpath (-r) or dstpath (-t)
 		flag.StringVar(&cmdStr, "x", "", "run <`command`> (if not specified, run interactive shell)")
 		flag.StringVar(&tunSpecStr, "T", "", "``tunnelspec - localPort:remotePort[,localPort:remotePort,...]")
@ -742,8 +742,8 @@ func main() {
 	// either the shell session or copy operation.
 	_ = shellMode
-	Log, _ = logger.New(logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "hkexsh") // nolint: errcheck,gosec
+	Log, _ = logger.New(logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xs") // nolint: errcheck,gosec
-	hkexnet.Init(dbg, "hkexsh", logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR)
+	xsnet.Init(dbg, "xs", logger.LOG_USER|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR)
 	if dbg {
 		log.SetOutput(Log)
 	} else {
@ -753,7 +753,7 @@ func main() {
 	if !gopt {
 		// See if we can log in via an auth token
 		u, _ := user.Current() // nolint: gosec
-		ab, aerr := ioutil.ReadFile(fmt.Sprintf("%s/.hkexsh_id", u.HomeDir))
+		ab, aerr := ioutil.ReadFile(fmt.Sprintf("%s/.xs_id", u.HomeDir))
 		if aerr == nil {
 			idx := strings.Index(string(ab), remoteHost)
 			if idx >= 0 {
@ -767,7 +767,7 @@ func main() {
 				_, _ = fmt.Fprintln(os.Stderr, "[no authtoken, use -g to request one from server]")
 			}
 		} else {
-			log.Printf("[cannot read %s/.hkexsh_id]\n", u.HomeDir)
+			log.Printf("[cannot read %s/.xs_id]\n", u.HomeDir)
 		}
 	}
@ -826,7 +826,7 @@ func main() {
 	if kcpMode != "unused" {
 			proto = "kcp"
 	}
-	conn, err := hkexnet.Dial(proto, server, cipherAlg, hmacAlg, kexAlg, kcpMode)
+	conn, err := xsnet.Dial(proto, server, cipherAlg, hmacAlg, kexAlg, kcpMode)
 	if err != nil {
 		fmt.Println(err)
 		exitWithStatus(3)
@ -837,16 +837,16 @@ func main() {
 	// Set stdin in raw mode if it's an interactive session
 	// TODO: send flag to server side indicating this
 	//  affects shell command used
-	var oldState *hkexsh.State
+	var oldState *xs.State
 	if shellMode {
 		if isatty.IsTerminal(os.Stdin.Fd()) {
-			oldState, err = hkexsh.MakeRaw(int(os.Stdin.Fd()))
+			oldState, err = xs.MakeRaw(int(os.Stdin.Fd()))
 			if err != nil {
 				panic(err)
 			}
 			// #gv:s/label=\"main\$1\"/label=\"deferRestore\"/
 			// TODO:.gv:main:1:deferRestore
-			defer func() { _ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) }() // nolint: errcheck,gosec
+			defer func() { _ = xs.Restore(int(os.Stdin.Fd()), oldState) }() // nolint: errcheck,gosec
 		} else {
 			log.Println("NOT A TTY")
 		}
@ -855,7 +855,7 @@ func main() {
 	if len(authCookie) == 0 {
 		//No auth token, prompt for password
 		fmt.Printf("Gimme cookie:")
-		ab, e := hkexsh.ReadPassword(int(os.Stdin.Fd()))
+		ab, e := xs.ReadPassword(int(os.Stdin.Fd()))
 		fmt.Printf("\r\n")
 		if e != nil {
 			panic(e)
@ -866,7 +866,7 @@ func main() {
 	runtime.GC()
 	// Set up session params and send over to server
-	rec := hkexsh.NewSession(op, []byte(uname), []byte(remoteHost), []byte(os.Getenv("TERM")), []byte(cmdStr), []byte(authCookie), 0)
+	rec := xs.NewSession(op, []byte(uname), []byte(remoteHost), []byte(os.Getenv("TERM")), []byte(cmdStr), []byte(authCookie), 0)
 	sendErr := sendSessionParams(&conn, rec)
 	if sendErr != nil {
 		log.Fatal(sendErr)
@ -909,7 +909,7 @@ func main() {
 				// FIXME: keepAlives should probably have small random packet len/data as well
 				// to further obscure them vs. interactive or tunnel data
 				// keepAlives must be  >=2 bytes, due to processing elsewhere
-				conn.WritePacket([]byte{0, 0}, hkexnet.CSOTunKeepAlive) // nolint: errcheck,gosec
+				conn.WritePacket([]byte{0, 0}, xsnet.CSOTunKeepAlive) // nolint: errcheck,gosec
 			}
 		}
 		go keepAliveWorker()
@ -924,13 +924,13 @@ func main() {
 		}
 		if rec.Status() != 0 {
-			_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState)                     // nolint: errcheck,gosec
+			_ = xs.Restore(int(os.Stdin.Fd()), oldState)                     // nolint: errcheck,gosec
 			fmt.Fprintln(os.Stderr, "Session exited with status:", rec.Status()) // nolint: errcheck
 		}
 	}
 	if oldState != nil {
-		_ = hkexsh.Restore(int(os.Stdin.Fd()), oldState) // nolint: gosec
+		_ = xs.Restore(int(os.Stdin.Fd()), oldState) // nolint: gosec
 	}
 	exitWithStatus(int(rec.Status()))
--- a/xs/xs_seq.png
+++ b/xs/xs_seq.png
--- a/hkexshd.initrc
+++ b/hkexshd.initrc
@ -1,11 +1,11 @@
 #!/sbin/openrc-run
-SVCNAME=hkexshd
+SVCNAME=xsd
-HKEXSHD_PIDFILE=/var/run/hkexshd.pid
+XSD_PIDFILE=/var/run/xsd.pid
-HKEXSHD_USER=root
+XSD_USER=root
-HKEXSHD_HOME=/var/run
+XSD_HOME=/var/run
 INST_PREFIX=/usr/local
-COMMAND=$INST_PREFIX/sbin/hkexshd
+COMMAND=$INST_PREFIX/sbin/xsd
 ARGS=""
 depend() {
@ -25,8 +25,8 @@ start() {
    ebegin "Starting ${SVCNAME}"
    start-stop-daemon \
-        -d ${HKEXSHD_HOME} \
+        -d ${XSD_HOME} \
-        --make-pidfile --pidfile ${HKEXSHD_PIDFILE} \
+        --make-pidfile --pidfile ${XSD_PIDFILE} \
        --start --quiet --background \
        --exec "${COMMAND}" "${ARGS}"
    eend $?
@ -34,6 +34,6 @@ start() {
 stop() {
    ebegin "Stopping ${SVCNAME}"
-    start-stop-daemon --stop --quiet --pidfile $HKEXSHD_PIDFILE
+    start-stop-daemon --stop --quiet --pidfile $XSD_PIDFILE
    eend $?
 }
--- a/hkexshd/Makefile
+++ b/hkexshd/Makefile
@ -10,8 +10,8 @@ clean:
 	$(RM) $(EXE) $(EXE).exe
 vis:
-	go-callvis -file hkexshd-vis -format png -ignore $(EXTPKGS) -group pkg,type .
+	go-callvis -file xsd-vis -format png -ignore $(EXTPKGS) -group pkg,type .
-	../fixup-gv.sh hkexshd.go && cat hkexshd-vis.gv | dot -Tpng -ohkexshd-vis-fixedup.png
+	../fixup-gv.sh xsd.go && cat xsd-vis.gv | dot -Tpng -oxsd-vis-fixedup.png
 lint:
 	-gometalinter --deadline=60s | sort
--- a/hkexshd/hkexshd-vis.png
+++ b/hkexshd/hkexshd-vis.png
--- a/xsd/xsd-vis-fixedup.png
+++ b/xsd/xsd-vis-fixedup.png
--- a/xsd/xsd-vis.gv
+++ b/xsd/xsd-vis.gv
@ -0,0 +1,347 @@
 digraph gocallvis {
    label="blitter.com/go/xs/xsd";
    labeljust="l";
    fontname="Arial";
    fontsize="14";
    rankdir="LR";
    bgcolor="lightgray";
    style="solid";
    penwidth="0.5";
    pad="0.0";
    nodesep="0.35";
    node [shape="ellipse" style="filled" fillcolor="honeydew" fontname="Verdana" penwidth="1.0" margin="0.05,0.0"];
    edge [minlen="2"]
    subgraph "cluster_focus" {
        label="main";
 labelloc="t";
 labeljust="c";
 fontsize="18";
 bgcolor="#e6ecfa";
        "blitter.com/go/xs/xsd.main$2" [ style="dotted,filled" fillcolor="lightblue" label="main$2" ]
        "blitter.com/go/xs/xsd.GenAuthToken" [ fillcolor="lightblue" label="GenAuthToken" penwidth="1.5" ]
        "blitter.com/go/xs/xsd.runShellAs" [ fillcolor="lightblue" label="runShellAs" penwidth="0.5" ]
        "blitter.com/go/xs/xsd.runShellAs$1" [ fillcolor="lightblue" label="deferPtmxClose" style="dotted,filled" ]
        "blitter.com/go/xs/xsd.ptsName" [ label="ptsName" penwidth="0.5" fillcolor="lightblue" ]
        "blitter.com/go/xs/xsd.ioctl" [ fillcolor="lightblue" label="ioctl" penwidth="0.5" ]
        "blitter.com/go/xs/xsd.runShellAs$2" [ fillcolor="lightblue" label="termResizeWatcher" style="dotted,filled" ]
        "blitter.com/go/xs/xsd.runShellAs$3" [ style="dotted,filled" fillcolor="lightblue" label="stdinToPtyWorker" ]
        "blitter.com/go/xs/xsd.runShellAs$4" [ style="dotted,filled" fillcolor="lightblue" label="deferChaffShutdown" ]
        "blitter.com/go/xs/xsd.runShellAs$5" [ fillcolor="lightblue" label="ptyToStdoutWorker" style="dotted,filled" ]
        "blitter.com/go/xs/xsd.runShellAs$6" [ fillcolor="lightblue" label="runShellAs$6" style="dotted,filled" ]
        "blitter.com/go/xs/xsd.runClientToServerCopyAs" [ fillcolor="lightblue" label="runClientToServerCopyAs" penwidth="0.5" ]
        "blitter.com/go/xs/xsd.runServerToClientCopyAs" [ fillcolor="lightblue" label="runServerToClientCopyAs" penwidth="0.5" ]
        "blitter.com/go/xs/xsd.main" [ fillcolor="lightblue" label="main" penwidth="0.5" ]
        "blitter.com/go/xs/xsd.main$1" [ fillcolor="lightblue" label="main$1" style="dotted,filled" ]
        subgraph "cluster_blitter.com/go/goutmp" {
        URL="/?f=blitter.com/go/goutmp";
 tooltip="package: blitter.com/go/goutmp";
 fontsize="16";
 style="filled";
 fillcolor="lightyellow";
 fontname="bold";
 rank="sink";
 label="[goutmp]";
 penwidth="0.8";
        "blitter.com/go/goutmp.GetHost" [ fillcolor="moccasin" label="GetHost" penwidth="1.5" ]
        "blitter.com/go/goutmp.Put_utmp" [ fillcolor="moccasin" label="Put_utmp" penwidth="1.5" ]
        "blitter.com/go/goutmp.Unput_utmp" [ label="Unput_utmp" penwidth="1.5" fillcolor="moccasin" ]
        "blitter.com/go/goutmp.Put_lastlog_entry" [ fillcolor="moccasin" label="Put_lastlog_entry" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/xs" {
        fontsize="16";
 fontname="bold";
 rank="sink";
 penwidth="0.8";
 fillcolor="lightyellow";
 label="[xs]";
 URL="/?f=blitter.com/go/xs";
 tooltip="package: blitter.com/go/xs";
 style="filled";
        "blitter.com/go/xs.AuthUserByToken" [ fillcolor="moccasin" label="AuthUserByToken" penwidth="1.5" ]
        "blitter.com/go/xs.AuthUserByPasswd" [ label="AuthUserByPasswd" penwidth="1.5" fillcolor="moccasin" ]
        subgraph "cluster_*blitter.com/go/xs.Session" {
        tooltip="type: *blitter.com/go/xs.Session";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*Session)";
        "(*blitter.com/go/xs.Session).SetOp" [ fillcolor="moccasin" label="SetOp" penwidth="1.5" ]
        "(*blitter.com/go/xs.Session).SetWho" [ penwidth="1.5" fillcolor="moccasin" label="SetWho" ]
        "(*blitter.com/go/xs.Session).SetConnHost" [ penwidth="1.5" fillcolor="moccasin" label="SetConnHost" ]
        "(*blitter.com/go/xs.Session).SetTermType" [ fillcolor="moccasin" label="SetTermType" penwidth="1.5" ]
        "(*blitter.com/go/xs.Session).SetCmd" [ fillcolor="moccasin" label="SetCmd" penwidth="1.5" ]
        "(*blitter.com/go/xs.Session).SetAuthCookie" [ fillcolor="moccasin" label="SetAuthCookie" penwidth="1.5" ]
        "(*blitter.com/go/xs.Session).ClearAuthCookie" [ fillcolor="moccasin" label="ClearAuthCookie" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/xs.Session" {
        fillcolor="wheat2";
 label="(Session)";
 tooltip="type: blitter.com/go/xs.Session";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
        "(blitter.com/go/xs.Session).Op" [ fillcolor="moccasin" label="Op" penwidth="1.5" ]
        "(blitter.com/go/xs.Session).Who" [ fillcolor="moccasin" label="Who" penwidth="1.5" ]
        "(blitter.com/go/xs.Session).ConnHost" [ penwidth="1.5" fillcolor="moccasin" label="ConnHost" ]
        "(blitter.com/go/xs.Session).Cmd" [ penwidth="1.5" fillcolor="moccasin" label="Cmd" ]
        "(blitter.com/go/xs.Session).AuthCookie" [ label="AuthCookie" penwidth="1.5" fillcolor="moccasin" ]
        "(blitter.com/go/xs.Session).TermType" [ fillcolor="moccasin" label="TermType" penwidth="1.5" ]
    }
    }
        subgraph "cluster_blitter.com/go/xs/logger" {
        penwidth="0.8";
 fontsize="16";
 style="filled";
 fontname="bold";
 URL="/?f=blitter.com/go/xs/logger";
 fillcolor="lightyellow";
 rank="sink";
 label="[logger]";
 tooltip="package: blitter.com/go/xs/logger";
        "blitter.com/go/xs/logger.LogNotice" [ fillcolor="moccasin" label="LogNotice" penwidth="1.5" ]
        "blitter.com/go/xs/logger.LogDebug" [ fillcolor="moccasin" label="LogDebug" penwidth="1.5" ]
        "blitter.com/go/xs/logger.LogErr" [ fillcolor="moccasin" label="LogErr" penwidth="1.5" ]
        "blitter.com/go/xs/logger.New" [ label="New" penwidth="1.5" fillcolor="moccasin" ]
    }
        subgraph "cluster_blitter.com/go/xs/xsnet" {
        penwidth="0.8";
 label="[xsnet]";
 fillcolor="lightyellow";
 fontname="bold";
 rank="sink";
 URL="/?f=blitter.com/go/xs/xsnet";
 tooltip="package: blitter.com/go/xs/xsnet";
 fontsize="16";
 style="filled";
        "blitter.com/go/xs/xsnet.Init" [ fillcolor="moccasin" label="Init" penwidth="1.5" ]
        "blitter.com/go/xs/xsnet.Listen" [ fillcolor="moccasin" label="Listen" penwidth="1.5" ]
        subgraph "cluster_*blitter.com/go/xs/xsnet.Conn" {
        label="(*Conn)";
 tooltip="type: *blitter.com/go/xs/xsnet.Conn";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
        "(*blitter.com/go/xs/xsnet.Conn).Close" [ fillcolor="moccasin" label="Close" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).RemoteAddr" [ fillcolor="moccasin" label="RemoteAddr" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).EnableChaff" [ fillcolor="moccasin" label="EnableChaff" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).DisableChaff" [ label="DisableChaff" penwidth="1.5" fillcolor="moccasin" ]
        "(*blitter.com/go/xs/xsnet.Conn).ShutdownChaff" [ fillcolor="moccasin" label="ShutdownChaff" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).SetStatus" [ fillcolor="moccasin" label="SetStatus" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).WritePacket" [ fillcolor="moccasin" label="WritePacket" penwidth="1.5" ]
        "(*blitter.com/go/xs/xsnet.Conn).SetupChaff" [ penwidth="1.5" fillcolor="moccasin" label="SetupChaff" ]
    }
        subgraph "cluster_*blitter.com/go/xs/xsnet.HKExListener" {
        labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*HKExListener)";
 tooltip="type: *blitter.com/go/xs/xsnet.HKExListener";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
        "(*blitter.com/go/xs/xsnet.HKExListener).Accept" [ penwidth="1.5" fillcolor="moccasin" label="Accept" ]
    }
        subgraph "cluster_blitter.com/go/xs/xsnet.Conn" {
        tooltip="type: blitter.com/go/xs/xsnet.Conn";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(Conn)";
        "(blitter.com/go/xs/xsnet.Conn).Write" [ fillcolor="moccasin" label="Write" penwidth="1.5" ]
    }
        subgraph "cluster_blitter.com/go/xs/xsnet.HKExListener" {
        style="rounded,filled";
 fillcolor="wheat2";
 label="(HKExListener)";
 tooltip="type: blitter.com/go/xs/xsnet.HKExListener";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
 labelloc="b";
        "(blitter.com/go/xs/xsnet.HKExListener).Close" [ label="Close" penwidth="1.5" fillcolor="moccasin" ]
    }
    }
        subgraph "cluster_context" {
        fontsize="16";
 fillcolor="#E0FFE1";
 label="[context]";
 tooltip="package: context";
 penwidth="0.8";
 style="filled";
 fontname="bold";
 rank="sink";
 URL="/?f=context";
        subgraph "cluster_context.deadlineExceededError" {
        labelloc="b";
 style="rounded,filled";
 fillcolor="#c2e3c2";
 label="(deadlineExceededError)";
 tooltip="type: context.deadlineExceededError";
 penwidth="0.5";
 fontsize="15";
 fontcolor="#222222";
        "(context.deadlineExceededError).Error" [ fillcolor="#adedad" label="Error" penwidth="1.5" ]
    }
    }
        subgraph "cluster_github.com/kr/pty" {
        label="[pty]";
 URL="/?f=github.com/kr/pty";
 penwidth="0.8";
 style="filled";
 fillcolor="lightyellow";
 rank="sink";
 fontsize="16";
 fontname="bold";
 tooltip="package: github.com/kr/pty";
        "github.com/kr/pty.Start" [ fillcolor="moccasin" label="Start" penwidth="1.5" ]
        "github.com/kr/pty.Setsize" [ label="Setsize" penwidth="1.5" fillcolor="moccasin" ]
    }
        subgraph "cluster_github.com/pkg/errors" {
        fontname="bold";
 label="[errors]";
 style="filled";
 fontsize="16";
 fillcolor="lightyellow";
 rank="sink";
 URL="/?f=github.com/pkg/errors";
 tooltip="package: github.com/pkg/errors";
 penwidth="0.8";
        subgraph "cluster_*github.com/pkg/errors.fundamental" {
        fontcolor="#222222";
 labelloc="b";
 style="rounded,filled";
 fillcolor="wheat2";
 label="(*fundamental)";
 tooltip="type: *github.com/pkg/errors.fundamental";
 penwidth="0.5";
 fontsize="15";
        "(*github.com/pkg/errors.fundamental).Error" [ label="Error" penwidth="1.5" fillcolor="moccasin" ]
    }
    }
    }
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs/xsnet.Conn).Close" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs.Session).SetOp" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs.Session).SetWho" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs.Session).SetConnHost" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs.Session).SetTermType" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs.Session).SetCmd" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs.Session).SetAuthCookie" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(blitter.com/go/xs.Session).Op" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(blitter.com/go/xs.Session).Who" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(blitter.com/go/xs.Session).ConnHost" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(blitter.com/go/xs.Session).Cmd" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(blitter.com/go/xs.Session).AuthCookie" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/xs.AuthUserByToken" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs.Session).ClearAuthCookie" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/xs.AuthUserByPasswd" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(blitter.com/go/xs/xsnet.Conn).Write" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/xs/logger.LogNotice" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs/xsnet.Conn).RemoteAddr" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/goutmp.GetHost" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/xs/xsd.GenAuthToken" [  ]
    "blitter.com/go/xs/xsd.main$2" -> "(blitter.com/go/xs.Session).TermType" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "github.com/kr/pty.Start" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/xs/xsd.runShellAs$1" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/xs/xsd.ptsName" -> "blitter.com/go/xs/xsd.ioctl" [  ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/xs/xsd.ptsName" [  ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/goutmp.Put_utmp" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs$2" -> "blitter.com/go/goutmp.Unput_utmp" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/xs/xsd.runShellAs$2" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/goutmp.Put_lastlog_entry" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs$3" -> "github.com/kr/pty.Setsize" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/xs/xsd.runShellAs$3" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xsd.runShellAs$4" -> "(context.deadlineExceededError).Error" [ color="saddlebrown" style="dashed" ]
    "blitter.com/go/xs/xsd.runShellAs$4" -> "(*github.com/pkg/errors.fundamental).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/xs/xsd.runShellAs$4" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "(*blitter.com/go/xs/xsnet.Conn).EnableChaff" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs$5" -> "(*blitter.com/go/xs/xsnet.Conn).DisableChaff" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs$5" -> "(*blitter.com/go/xs/xsnet.Conn).ShutdownChaff" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/xs/xsd.runShellAs$5" [ arrowhead="normalnoneodiamond" ]
    "blitter.com/go/xs/xsd.runShellAs$6" -> "(context.deadlineExceededError).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs$6" -> "(*github.com/pkg/errors.fundamental).Error" [ style="dashed" color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/xs/xsd.runShellAs$6" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "blitter.com/go/xs/logger.LogDebug" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runShellAs" -> "(*blitter.com/go/xs/xsnet.Conn).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/xs/xsd.runShellAs" [  ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/xs/logger.LogErr" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs/xsnet.Conn).SetStatus" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runClientToServerCopyAs" -> "(*blitter.com/go/xs/xsnet.Conn).EnableChaff" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runClientToServerCopyAs" -> "(*blitter.com/go/xs/xsnet.Conn).DisableChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runClientToServerCopyAs" -> "(*blitter.com/go/xs/xsnet.Conn).ShutdownChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/xs/xsd.runClientToServerCopyAs" [  ]
    "blitter.com/go/xs/xsd.main$2" -> "(*blitter.com/go/xs/xsnet.Conn).WritePacket" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runServerToClientCopyAs" -> "(*blitter.com/go/xs/xsnet.Conn).EnableChaff" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runServerToClientCopyAs" -> "(*blitter.com/go/xs/xsnet.Conn).DisableChaff" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/xs/xsd.runServerToClientCopyAs" -> "(*blitter.com/go/xs/xsnet.Conn).ShutdownChaff" [ color="saddlebrown" arrowhead="normalnoneodiamond" ]
    "blitter.com/go/xs/xsd.main$2" -> "blitter.com/go/xs/xsd.runServerToClientCopyAs" [  ]
    "blitter.com/go/xs/xsd.main" -> "blitter.com/go/xs/logger.New" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main" -> "blitter.com/go/xs/xsnet.Init" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main$1" -> "blitter.com/go/xs/logger.LogNotice" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main" -> "blitter.com/go/xs/xsd.main$1" [ arrowhead="normalnoneodot" ]
    "blitter.com/go/xs/xsd.main" -> "blitter.com/go/xs/xsnet.Listen" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main" -> "(blitter.com/go/xs/xsnet.HKExListener).Close" [ arrowhead="normalnoneodiamond" color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main" -> "(*blitter.com/go/xs/xsnet.HKExListener).Accept" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main" -> "(*blitter.com/go/xs/xsnet.Conn).SetupChaff" [ color="saddlebrown" ]
    "blitter.com/go/xs/xsd.main" -> "blitter.com/go/xs/xsd.main$2" [ arrowhead="normalnoneodot" ]
 }
--- a/hkexshd/hkexshd.go
+++ b/hkexshd/hkexshd.go
@ -1,6 +1,6 @@
-// hkexshd server
+// xsd server
 //
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
@ -28,9 +28,9 @@ import (
 	"unsafe"
 	"blitter.com/go/goutmp"
-	hkexsh "blitter.com/go/hkexsh"
+	xs "blitter.com/go/xs"
-	"blitter.com/go/hkexsh/hkexnet"
+	"blitter.com/go/xs/xsnet"
-	"blitter.com/go/hkexsh/logger"
+	"blitter.com/go/xs/logger"
 	"github.com/kr/pty"
 )
@ -63,7 +63,7 @@ func ptsName(fd uintptr) (string, error) {
 /* -------------------------------------------------------------- */
 // Perform a client->server copy
-func runClientToServerCopyAs(who, ttype string, conn *hkexnet.Conn, fpath string, chaffing bool) (exitStatus uint32, err error) {
+func runClientToServerCopyAs(who, ttype string, conn *xsnet.Conn, fpath string, chaffing bool) (exitStatus uint32, err error) {
 	u, _ := user.Lookup(who) // nolint: gosec
 	var uid, gid uint32
 	fmt.Sscanf(u.Uid, "%d", &uid) // nolint: gosec,errcheck
@ -139,7 +139,7 @@ func runClientToServerCopyAs(who, ttype string, conn *hkexnet.Conn, fpath string
 		log.Println("cmd exited immediately. Cannot get cmd.Wait().ExitStatus()")
 		err = errors.New("cmd exited prematurely")
 		//exitStatus = uint32(254)
-		exitStatus = hkexnet.CSEExecFail
+		exitStatus = xsnet.CSEExecFail
 	} else {
 		if err := c.Wait(); err != nil {
 			//fmt.Println("*** c.Wait() done ***")
@ -163,7 +163,7 @@ func runClientToServerCopyAs(who, ttype string, conn *hkexnet.Conn, fpath string
 }
 // Perform a server->client copy
-func runServerToClientCopyAs(who, ttype string, conn *hkexnet.Conn, srcPath string, chaffing bool) (exitStatus uint32, err error) {
+func runServerToClientCopyAs(who, ttype string, conn *xsnet.Conn, srcPath string, chaffing bool) (exitStatus uint32, err error) {
 	u, err := user.Lookup(who)
 	if err != nil {
 		exitStatus = 1
@ -225,7 +225,7 @@ func runServerToClientCopyAs(who, ttype string, conn *hkexnet.Conn, srcPath stri
 	err = c.Start() // returns immediately
 	if err != nil {
 		log.Printf("Command finished with error: %v", err)
-		return hkexnet.CSEExecFail, err // !?
+		return xsnet.CSEExecFail, err // !?
 	}
 	if err := c.Wait(); err != nil {
 		//fmt.Println("*** c.Wait() done ***")
@ -253,7 +253,7 @@ func runServerToClientCopyAs(who, ttype string, conn *hkexnet.Conn, srcPath stri
 //
 // Uses ptys to support commands which expect a terminal.
 // nolint: gocyclo
-func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *hkexnet.Conn, chaffing bool) (exitStatus uint32, err error) {
+func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Conn, chaffing bool) (exitStatus uint32, err error) {
 	var wg sync.WaitGroup
 	u, err := user.Lookup(who)
 	if err != nil {
@ -314,7 +314,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *hkexnet.C
 	ptmx, err := pty.Start(c) // returns immediately with ptmx file
 	if err != nil {
 		log.Println(err)
-		return hkexnet.CSEPtyExecFail, err
+		return xsnet.CSEPtyExecFail, err
 	}
 	// Make sure to close the pty at the end.
 	// #gv:s/label=\"runShellAs\$1\"/label=\"deferPtmxClose\"/
@ -326,11 +326,11 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *hkexnet.C
 	// get pty info for system accounting (who, lastlog)
 	pts, pe := ptsName(ptmx.Fd())
 	if pe != nil {
-		return hkexnet.CSEPtyGetNameFail, err
+		return xsnet.CSEPtyGetNameFail, err
 	}
 	utmpx := goutmp.Put_utmp(who, pts, hname)
 	defer func() { goutmp.Unput_utmp(utmpx) }()
-	goutmp.Put_lastlog_entry("hkexsh", who, pts, hname)
+	goutmp.Put_lastlog_entry("xs", who, pts, hname)
 	log.Printf("[%s]\n", cmd)
 	if err != nil {
@ -400,7 +400,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *hkexnet.C
 					log.Printf("Exit Status: %d", exitStatus)
 				}
 			}
-			conn.SetStatus(hkexnet.CSOType(exitStatus))
+			conn.SetStatus(xsnet.CSOType(exitStatus))
 		} else {
 			logger.LogDebug("*** Main proc has exited. ***")
 			// Background jobs still may be running; close the
@ -431,7 +431,7 @@ func GenAuthToken(who string, connhost string) string {
 // Demo of a simple server that listens and spawns goroutines for each
 // connecting client. Note this code is identical to standard tcp
-// server code, save for declaring 'hkex' rather than 'net'
+// server code, save for declaring 'xsnet' rather than 'net'
 // Listener and Conns. The KEx and encrypt/decrypt is done within the type.
 // Compare to 'serverp.go' in this directory to see the equivalence.
 // TODO: reduce gocyclo
@ -478,8 +478,8 @@ func main() {
 		chaffBytesMax = 64
 	}
-	Log, _ = logger.New(logger.LOG_DAEMON|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "hkexshd") // nolint: gosec
+	Log, _ = logger.New(logger.LOG_DAEMON|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xsd") // nolint: gosec
-	hkexnet.Init(dbg, "hkexshd", logger.LOG_DAEMON|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR)
+	xsnet.Init(dbg, "xsd", logger.LOG_DAEMON|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR)
 	if dbg {
 		log.SetOutput(Log)
 	} else {
@ -513,7 +513,7 @@ func main() {
 	if kcpMode != "unused" {
 		proto = "kcp"
 	}
-	l, err := hkexnet.Listen(proto, laddr, kcpMode)
+	l, err := xsnet.Listen(proto, laddr, kcpMode)
 	if err != nil {
 		log.Fatal(err)
 	}
@ -536,28 +536,28 @@ func main() {
 			// Handle the connection in a new goroutine.
 			// The loop then returns to accepting, so that
 			// multiple connections may be served concurrently.
-			go func(hc *hkexnet.Conn) (e error) {
+			go func(hc *xsnet.Conn) (e error) {
 				defer hc.Close() // nolint: errcheck
 				//We use io.ReadFull() here to guarantee we consume
-				//just the data we want for the hkexsh.Session, and no more.
+				//just the data we want for the xs.Session, and no more.
 				//Otherwise data will be sitting in the channel that isn't
 				//passed down to the command handlers.
-				var rec hkexsh.Session
+				var rec xs.Session
 				var len1, len2, len3, len4, len5, len6 uint32
 				n, err := fmt.Fscanf(hc, "%d %d %d %d %d %d\n", &len1, &len2, &len3, &len4, &len5, &len6)
-				log.Printf("hkexsh.Session read:%d %d %d %d %d %d\n", len1, len2, len3, len4, len5, len6)
+				log.Printf("xs.Session read:%d %d %d %d %d %d\n", len1, len2, len3, len4, len5, len6)
 				if err != nil || n < 6 {
-					log.Println("[Bad hkexsh.Session fmt]")
+					log.Println("[Bad xs.Session fmt]")
 					return err
 				}
 				tmp := make([]byte, len1)
 				_, err = io.ReadFull(hc, tmp)
 				if err != nil {
-					log.Println("[Bad hkexsh.Session.Op]")
+					log.Println("[Bad xs.Session.Op]")
 					return err
 				}
 				rec.SetOp(tmp)
@ -565,7 +565,7 @@ func main() {
 				tmp = make([]byte, len2)
 				_, err = io.ReadFull(hc, tmp)
 				if err != nil {
-					log.Println("[Bad hkexsh.Session.Who]")
+					log.Println("[Bad xs.Session.Who]")
 					return err
 				}
 				rec.SetWho(tmp)
@ -573,7 +573,7 @@ func main() {
 				tmp = make([]byte, len3)
 				_, err = io.ReadFull(hc, tmp)
 				if err != nil {
-					log.Println("[Bad hkexsh.Session.ConnHost]")
+					log.Println("[Bad xs.Session.ConnHost]")
 					return err
 				}
 				rec.SetConnHost(tmp)
@ -581,7 +581,7 @@ func main() {
 				tmp = make([]byte, len4)
 				_, err = io.ReadFull(hc, tmp)
 				if err != nil {
-					log.Println("[Bad hkexsh.Session.TermType]")
+					log.Println("[Bad xs.Session.TermType]")
 					return err
 				}
 				rec.SetTermType(tmp)
@ -589,7 +589,7 @@ func main() {
 				tmp = make([]byte, len5)
 				_, err = io.ReadFull(hc, tmp)
 				if err != nil {
-					log.Println("[Bad hkexsh.Session.Cmd]")
+					log.Println("[Bad xs.Session.Cmd]")
 					return err
 				}
 				rec.SetCmd(tmp)
@ -597,20 +597,20 @@ func main() {
 				tmp = make([]byte, len6)
 				_, err = io.ReadFull(hc, tmp)
 				if err != nil {
-					log.Println("[Bad hkexsh.Session.AuthCookie]")
+					log.Println("[Bad xs.Session.AuthCookie]")
 					return err
 				}
 				rec.SetAuthCookie(tmp)
-				log.Printf("[hkexsh.Session: op:%c who:%s connhost:%s cmd:%s auth:****]\n",
+				log.Printf("[xs.Session: op:%c who:%s connhost:%s cmd:%s auth:****]\n",
 					rec.Op()[0], string(rec.Who()), string(rec.ConnHost()), string(rec.Cmd()))
 				var valid bool
 				var allowedCmds string // Currently unused
-				if hkexsh.AuthUserByToken(string(rec.Who()), string(rec.ConnHost()), string(rec.AuthCookie(true))) {
+				if xs.AuthUserByToken(string(rec.Who()), string(rec.ConnHost()), string(rec.AuthCookie(true))) {
 					valid = true
 				} else {
-					valid, allowedCmds = hkexsh.AuthUserByPasswd(string(rec.Who()), string(rec.AuthCookie(true)), "/etc/hkexsh.passwd")
+					valid, allowedCmds = xs.AuthUserByPasswd(string(rec.Who()), string(rec.AuthCookie(true)), "/etc/xs.passwd")
 				}
 				// Security scrub
@ -633,7 +633,7 @@ func main() {
 					hname := goutmp.GetHost(addr.String())
 					logger.LogNotice(fmt.Sprintf("[Generating autologin token for [%s@%s]]\n", rec.Who(), hname)) // nolint: gosec,errcheck
 					token := GenAuthToken(string(rec.Who()), string(rec.ConnHost()))
-					tokenCmd := fmt.Sprintf("echo \"%s\" | tee -a ~/.hkexsh_id", token)
+					tokenCmd := fmt.Sprintf("echo \"%s\" | tee -a ~/.xs_id", token)
 					cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), tokenCmd, false, hc, chaffEnabled)
 					// Returned hopefully via an EOF or exit/logout;
 					// Clear current op so user can enter next, or EOF
@ -642,7 +642,7 @@ func main() {
 						logger.LogErr(fmt.Sprintf("[Error generating autologin token for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
 					} else {
 						log.Printf("[Autologin token generation completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)
-						hc.SetStatus(hkexnet.CSOType(cmdStatus))
+						hc.SetStatus(xsnet.CSOType(cmdStatus))
 					}
 				} else if rec.Op()[0] == 'c' {
 					// Non-interactive command
@ -657,7 +657,7 @@ func main() {
 						logger.LogErr(fmt.Sprintf("[Error spawning cmd for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
 					} else {
 						logger.LogNotice(fmt.Sprintf("[Command completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) // nolint: gosec,errcheck
-						hc.SetStatus(hkexnet.CSOType(cmdStatus))
+						hc.SetStatus(xsnet.CSOType(cmdStatus))
 					}
 				} else if rec.Op()[0] == 's' {
 					// Interactive session
@ -673,7 +673,7 @@ func main() {
 						Log.Err(fmt.Sprintf("[Error spawning shell for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
 					} else {
 						logger.LogNotice(fmt.Sprintf("[Shell completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) // nolint: gosec,errcheck
-						hc.SetStatus(hkexnet.CSOType(cmdStatus))
+						hc.SetStatus(xsnet.CSOType(cmdStatus))
 					}
 				} else if rec.Op()[0] == 'D' {
 					// File copy (destination) operation - client copy to server
@ -690,13 +690,13 @@ func main() {
 					} else {
 						logger.LogNotice(fmt.Sprintf("[Command completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) // nolint: gosec,errcheck
 					}
-					hc.SetStatus(hkexnet.CSOType(cmdStatus))
+					hc.SetStatus(xsnet.CSOType(cmdStatus))
 					// Send CSOExitStatus *before* client closes channel
 					s := make([]byte, 4)
 					binary.BigEndian.PutUint32(s, cmdStatus)
 					log.Printf("** cp writing closeStat %d at Close()\n", cmdStatus)
-					hc.WritePacket(s, hkexnet.CSOExitStatus) // nolint: gosec,errcheck
+					hc.WritePacket(s, xsnet.CSOExitStatus) // nolint: gosec,errcheck
 				} else if rec.Op()[0] == 'S' {
 					// File copy (src) operation - server copy to client
 					log.Printf("[Server->Client copy]\n")
@ -712,12 +712,12 @@ func main() {
 					}
 					// Clear current op so user can enter next, or EOF
 					rec.SetOp([]byte{0})
-					hc.SetStatus(hkexnet.CSOType(cmdStatus))
+					hc.SetStatus(xsnet.CSOType(cmdStatus))
 					//fmt.Println("Waiting for EOF from other end.")
 					//_, _ = hc.Read(nil /*ackByte*/)
 					//fmt.Println("Got remote end ack.")
 				} else {
-					logger.LogErr(fmt.Sprintln("[Bad hkexsh.Session]")) // nolint: gosec,errcheck
+					logger.LogErr(fmt.Sprintln("[Bad xs.Session]")) // nolint: gosec,errcheck
 				}
 				return
 			}(&conn) // nolint: errcheck
--- a/hkexnet/Makefile
+++ b/hkexnet/Makefile
--- a/hkexnet/hkexchan.go
+++ b/hkexnet/hkexchan.go
@ -1,6 +1,6 @@
-package hkexnet
+package xsnet
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
@ -57,7 +57,7 @@ func expandKeyMat(keymat []byte, blocksize int) []byte {
 }
 /* Support functionality to set up encryption after a channel has
-been negotiated via hkexnet.go
+been negotiated via xsnet.go
 */
 func (hc Conn) getStream(keymat []byte) (rc cipher.Stream, mc hash.Hash, err error) {
 	var key []byte
--- a/hkexnet/consts.go
+++ b/hkexnet/consts.go
@ -1,16 +1,16 @@
-// consts.go - consts for hkexnet
+// consts.go - consts for xsnet
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
-package hkexnet
+package xsnet
 // KEX algorithm values
 //
 // Specified (in string form) as the extensions parameter
-// to hkexnet.Dial()
+// to xsnet.Dial()
 // Alg is sent in a uint8 so there are up to 256 possible
 const (
 	KEX_HERRADURA256 = iota // this MUST be first for default if omitted in ctor
@ -32,7 +32,7 @@ const (
 )
 // Sent from client to server in order to specify which
-// algo shall be used (see hkexnet.KEX_HERRADURA256, ...)
+// algo shall be used (see xsnet.KEX_HERRADURA256, ...)
 type KEXAlg uint8
 // Extended exit status codes - indicate comm/pty issues
--- a/hkexnet/kcp.go
+++ b/hkexnet/kcp.go
@ -1,4 +1,4 @@
-package hkexnet
+package xsnet
 import (
 	"crypto/sha1"
@ -6,7 +6,7 @@ import (
 	"fmt"
 	"net"
-	"blitter.com/go/hkexsh/logger"
+	"blitter.com/go/xs/logger"
 	kcp "github.com/xtaci/kcp-go"
 	"golang.org/x/crypto/pbkdf2"
 )
--- a/hkexnet/hkexnet.go
+++ b/hkexnet/hkexnet.go
@ -1,13 +1,13 @@
-// hkexnet.go - net.Conn compatible channel setup with encrypted/HMAC
+// xsnet.go - net.Conn compatible channel setup with encrypted/HMAC
 // negotiation
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
-package hkexnet
+package xsnet
 // Implementation of HKEx-wrapped versions of the golang standard
 // net package interfaces, allowing clients and servers to simply replace
@ -41,7 +41,7 @@ import (
 	"time"
 	hkex "blitter.com/go/herradurakex"
-	"blitter.com/go/hkexsh/logger"
+	"blitter.com/go/xs/logger"
 	kyber "git.schwanenlied.me/yawning/kyber.git"
 	newhope "git.schwanenlied.me/yawning/newhope.git"
 )
@ -107,7 +107,7 @@ func (t *TunEndpoint) String() string {
 func _initLogging(d bool, c string, f logger.Priority) {
 	if Log == nil {
-		Log, _ = logger.New(f, fmt.Sprintf("%s:hkexnet", c))
+		Log, _ = logger.New(f, fmt.Sprintf("%s:xsnet", c))
 	}
 	if d {
 		log.SetFlags(0) // syslog will have date,time
@ -175,7 +175,7 @@ func (hc *Conn) SetOpts(opts uint32) {
 	hc.opts = opts
 }
-// Return a new hkexnet.Conn
+// Return a new xsnet.Conn
 //
 // Note this is internal: use Dial() or Accept()
 func _new(kexAlg KEXAlg, conn *net.Conn) (hc *Conn, e error) {
@ -323,7 +323,7 @@ func (r randReader) Read(b []byte) (n int, e error) {
 }
 func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
-	// Send hkexnet.Conn parameters to remote side
+	// Send xsnet.Conn parameters to remote side
 	// Alice, step 1: Generate a key pair.
 	r := new(randReader)
@ -368,7 +368,7 @@ func NewHopeDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 }
 func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
-	// Send hkexnet.Conn parameters to remote side
+	// Send xsnet.Conn parameters to remote side
 	// Alice, step 1: Generate a key pair.
 	r := new(randReader)
@ -412,7 +412,7 @@ func NewHopeSimpleDialSetup(c io.ReadWriter, hc *Conn) (err error) {
 }
 func KyberDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
-	// Send hkexnet.Conn parameters to remote side
+	// Send xsnet.Conn parameters to remote side
 	// Alice, step 1: Generate a key pair.
 	r := new(randReader)
@ -477,7 +477,7 @@ func HKExDialSetup(c io.ReadWriter /*net.Conn*/, hc *Conn) (err error) {
 		h = hkex.New(256, 64)
 	}
-	// Send hkexnet.Conn parameters to remote side
+	// Send xsnet.Conn parameters to remote side
 	// d is value for Herradura key exchange
 	fmt.Fprintf(c, "0x%s\n0x%x:0x%x\n", h.D().Text(16),
 		hc.cipheropts, hc.opts)
@ -647,7 +647,7 @@ func HKExAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 		h = hkex.New(256, 64)
 	}
-	// Read in hkexnet.Conn parameters over raw Conn c
+	// Read in xsnet.Conn parameters over raw Conn c
 	// d is value for Herradura key exchange
 	d := big.NewInt(0)
 	_, err = fmt.Fscanln(*c, d)
@ -686,7 +686,7 @@ func HKExAcceptSetup(c *net.Conn, hc *Conn) (err error) {
 //
 //   "H_SHA256" | "H_SHA512" | ...
 //
-// See go doc -u hkexnet.applyConnExtensions
+// See go doc -u xsnet.applyConnExtensions
 func Dial(protocol string, ipport string, extensions ...string) (hc Conn, err error) {
 	if Log == nil {
 		Init(false, "client", logger.LOG_DAEMON|logger.LOG_DEBUG)
@ -705,7 +705,7 @@ func Dial(protocol string, ipport string, extensions ...string) (hc Conn, err er
 			return Conn{}, err
 		}
 	}
-	// Init hkexnet.Conn hc over net.Conn c
+	// Init xsnet.Conn hc over net.Conn c
 	ret, err := _new(getkexalgnum(extensions...), &c)
 	if err != nil {
 		return Conn{}, err
@ -1045,7 +1045,7 @@ func (hc Conn) Read(b []byte) (n int, err error) {
 			log.Printf("  <-ptext:\r\n%s\r\n", hex.Dump(payloadBytes[:n]))
 		}
 		if err != nil {
-			log.Println("hkexnet.Read():", err)
+			log.Println("xsnet.Read():", err)
 			//panic(err)
 		} else {
 			hc.rm.Write(payloadBytes) // Calc hmac on received data
--- a/hkexnet/hkextun.go
+++ b/hkexnet/hkextun.go
@ -1,12 +1,12 @@
-// hkextun.go - Tunnel setup using an established hkexnet.Conn
+// hkextun.go - Tunnel setup using an established xsnet.Conn
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
 // golang implementation by Russ Magee (rmagee_at_gmail.com)
-package hkexnet
+package xsnet
 import (
 	"bytes"
@ -18,7 +18,7 @@ import (
 	"sync"
 	"time"
-	"blitter.com/go/hkexsh/logger"
+	"blitter.com/go/xs/logger"
 )
 type (
--- a/hkexpasswd/Makefile
+++ b/hkexpasswd/Makefile
@ -10,7 +10,7 @@ clean:
 	$(RM) $(EXE) $(EXE).exe
 vis:
-	go-callvis -format png -file hkexpasswd-vis -ignore $(EXTPKGS) -group pkg,type .
+	go-callvis -format png -file xspasswd-vis -ignore $(EXTPKGS) -group pkg,type .
 lint:
 	-gometalinter --deadline=60s | sort
--- a/hkexpasswd/hkexpasswd-vis.png
+++ b/hkexpasswd/hkexpasswd-vis.png
--- a/hkexpasswd/hkexpasswd.go
+++ b/hkexpasswd/hkexpasswd.go
@ -1,7 +1,7 @@
 // Util to generate/store passwords for users in a file akin to /etc/passwd
 // suitable for the demo hkexsh server, using bcrypt.
 //
-// Copyright (c) 2017-2018 Russell Magee
+// Copyright (c) 2017-2019 Russell Magee
 // Licensed under the terms of the MIT license (see LICENSE.mit in this
 // distribution)
 //
@ -36,7 +36,7 @@ func main() {
 	flag.BoolVar(&vopt, "v", false, "show version")
 	flag.StringVar(&userName, "u", "", "username")
-	flag.StringVar(&pfName, "f", "/etc/hkexsh.passwd", "passwd file")
+	flag.StringVar(&pfName, "f", "/etc/xs.passwd", "passwd file")
 	flag.Parse()
 	if vopt {
@ -130,7 +130,7 @@ func main() {
 		records = append(records, newRec)
 	}
-	outFile, err := ioutil.TempFile("", "hkexsh-passwd")
+	outFile, err := ioutil.TempFile("", "xs-passwd")
 	if err != nil {
 		log.Fatal(err)
 	}
`@ -1,4 +1,4 @@`
	`module blitter.com/go/hkexsh`	`module blitter.com/go/xs`

	`go 1.12`	`go 1.12`