diff --git a/hkexauth.go b/hkexauth.go index 6960249..da09c0b 100644 --- a/hkexauth.go +++ b/hkexauth.go @@ -68,7 +68,7 @@ func AuthUserByPasswd(username string, auth string, fname string) (valid bool, a return } -func AuthUserByToken(username string, auth string) (valid bool) { +func AuthUserByToken(username string, connhostname string, auth string) (valid bool) { u, ue := user.Lookup(username) if ue != nil { return false diff --git a/hkexsession.go b/hkexsession.go index ef88937..55b81a6 100644 --- a/hkexsession.go +++ b/hkexsession.go @@ -16,6 +16,7 @@ import ( type Session struct { op []byte who []byte + connhost []byte termtype []byte // client initial $TERM cmd []byte authCookie []byte @@ -44,6 +45,14 @@ func (h *Session) SetWho(w []byte) { h.who = w } +func (h Session) ConnHost() []byte { + return h.connhost +} + +func (h *Session) SetConnHost(n []byte) { + h.connhost = n +} + func (h Session) TermType() []byte { return h.termtype } @@ -87,10 +96,11 @@ func (h *Session) SetStatus(s uint32) { h.status = s } -func NewSession(op, who, ttype, cmd, authcookie []byte, status uint32) *Session { +func NewSession(op, who, connhost, ttype, cmd, authcookie []byte, status uint32) *Session { return &Session{ op: op, who: who, + connhost: connhost, termtype: ttype, cmd: cmd, authCookie: authcookie, diff --git a/hkexsh/hkexsh.go b/hkexsh/hkexsh.go index bb026eb..a7b9fd5 100755 --- a/hkexsh/hkexsh.go +++ b/hkexsh/hkexsh.go @@ -366,7 +366,7 @@ func main() { } flag.Parse() - remoteUser, tmpHost, tmpPath, pathIsDest, otherArgs := + remoteUser, remoteHost, tmpPath, pathIsDest, otherArgs := parseNonSwitchArgs(flag.Args()) //fmt.Println("otherArgs:", otherArgs) @@ -379,8 +379,8 @@ func main() { uname = remoteUser } - if tmpHost != "" { - server = tmpHost + ":" + fmt.Sprintf("%d", port) + if remoteHost != "" { + server = remoteHost + ":" + fmt.Sprintf("%d", port) } if tmpPath == "" { tmpPath = "." 
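Review bot: The new connhostname parameter of AuthUserByToken is not referenced anywhere in the visible part of the hunk, and the function body continues outside it, so whether the token check now compares against this value cannot be confirmed here. If it does, the value is the one the client sent in the session header (the later hkexshd.go hunk passes string(rec.ConnHost())), not something the server observed, and the doc comment should say so: `// AuthUserByToken checks auth against the stored token for username; connhostname is the host name the client reported and is not verified here.` The parameter is also spelled differently from the connhost field and parameter introduced in hkexsession.go; one spelling would make the flow easier to follow.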
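Review bot: ConnHost and SetConnHost are exported but have no doc comments, and nothing in hkexsession.go records where the value originates, which matters because it is later used in authentication and token generation. Suggested: `// ConnHost returns the host name the client sent in the session header; the server does not verify it.` and `// SetConnHost stores the client-sent host name.`, with a matching one-line comment on the new connhost struct field in the preceding hunk. The mixed value/pointer receivers follow the file's existing accessor pattern, so that is not new to this change.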
@@ -533,17 +533,18 @@ func main() { } // Set up session params and send over to server - rec := hkexsh.NewSession(op, []byte(uname), []byte(os.Getenv("TERM")), []byte(cmdStr), []byte(authCookie), 0) - _, err = fmt.Fprintf(conn, "%d %d %d %d %d\n", - len(rec.Op()), len(rec.Who()), len(rec.TermType()), len(rec.Cmd()), len(rec.AuthCookie(true))) + rec := hkexsh.NewSession(op, []byte(uname), []byte(remoteHost), []byte(os.Getenv("TERM")), []byte(cmdStr), []byte(authCookie), 0) + _, err = fmt.Fprintf(conn, "%d %d %d %d %d %d\n", + len(rec.Op()), len(rec.Who()), len(rec.ConnHost()), len(rec.TermType()), len(rec.Cmd()), len(rec.AuthCookie(true))) _, err = conn.Write(rec.Op()) _, err = conn.Write(rec.Who()) + _, err = conn.Write(rec.ConnHost()) _, err = conn.Write(rec.TermType()) _, err = conn.Write(rec.Cmd()) _, err = conn.Write(rec.AuthCookie(true)) //Security scrub - authCookie = nil + authCookie = "" runtime.GC() // Read auth reply from server diff --git a/hkexshd/hkexshd.go b/hkexshd/hkexshd.go index a4e8836..650cbb8 100755 --- a/hkexshd/hkexshd.go +++ b/hkexshd/hkexshd.go @@ -221,7 +221,7 @@ func runShellAs(who, ttype string, cmd string, interactive bool, conn hkexnet.Co os.Setenv("HOME", u.HomeDir) os.Setenv("TERM", ttype) os.Setenv("HKEXSH", "1") - + var c *exec.Cmd if interactive { c = exec.Command("/bin/bash", "-i", "-l") @@ -316,11 +316,12 @@ func runShellAs(who, ttype string, cmd string, interactive bool, conn hkexnet.Co return } -func GenAuthToken(who string) string { - tokenA, e := os.Hostname() - if e != nil { - tokenA = "badhost" - } +func GenAuthToken(who string, connhost string) string { + //tokenA, e := os.Hostname() + //if e != nil { + // tokenA = "badhost" + //} + tokenA := connhost tokenB := make([]byte, 64) _, _ = rand.Read(tokenB) 
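Review bot: The added `_, err = conn.Write(rec.ConnHost())` extends a chain in which err is overwritten by every Write and, within the hunk, never inspected, so a short write or a dropped connection during the header exchange is only noticed when the auth reply is read; the Fprintf error at the top of the hunk is dropped the same way, and main continues outside the hunk. Checking err after each Write, or moving the writes into a small helper that returns at the first error, would keep the length-prefixed header consistent with what the server's Fscanf/ReadFull expects. Separately, `authCookie = ""` under the `//Security scrub` comment replaces the string value but does not overwrite the bytes of the previous one, and rec still holds whatever AuthCookie(true) returns; either reword the comment to `// drop our reference; Go strings are immutable, so the bytes are not overwritten` or clear the []byte copy in rec explicitly if AuthCookie exposes it.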
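Review bot: `tokenA := connhost` replaces the server's own hostname with a value the client supplied in the session header, so whatever tokenA contributes to the token (the rest of GenAuthToken is outside the hunk) is now chosen by the peer rather than by the server. If the goal is to bind the token to the host the client connected to, the server-side view is the value it can vouch for: its own os.Hostname() as before, or the listener address. The commented-out os.Hostname() block should be removed rather than kept as a comment; version control preserves the history, and dead code next to the live assignment invites confusion about which one is in effect.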
@@ -404,16 +405,16 @@ func main() { //Otherwise data will be sitting in the channel that isn't //passed down to the command handlers. var rec hkexsh.Session - var len1, len2, len3, len4, len5 uint32 + var len1, len2, len3, len4, len5, len6 uint32 - n, err := fmt.Fscanf(hc, "%d %d %d %d %d\n", &len1, &len2, &len3, &len4, &len5) - log.Printf("hkexsh.Session read:%d %d %d %d %d\n", len1, len2, len3, len4, len5) + n, err := fmt.Fscanf(hc, "%d %d %d %d %d %d\n", &len1, &len2, &len3, &len4, &len5, &len6) + log.Printf("hkexsh.Session read:%d %d %d %d %d %d\n", len1, len2, len3, len4, len5, len6) - if err != nil || n < 5 { + if err != nil || n < 6 { log.Println("[Bad hkexsh.Session fmt]") return err } - //fmt.Printf(" lens:%d %d %d %d %d\n", len1, len2, len3, len4, len5) + //fmt.Printf(" lens:%d %d %d %d %d %d\n", len1, len2, len3, len4, len5, len6) tmp := make([]byte, len1, len1) _, err = io.ReadFull(hc, tmp) @@ -433,13 +434,21 @@ func main() { tmp = make([]byte, len3, len3) _, err = io.ReadFull(hc, tmp) + if err != nil { + log.Println("[Bad hkexsh.Session.ConnHost]") + return err + } + rec.SetConnHost(tmp) + + tmp = make([]byte, len4, len4) + _, err = io.ReadFull(hc, tmp) if err != nil { log.Println("[Bad hkexsh.Session.TermType]") return err } rec.SetTermType(tmp) - tmp = make([]byte, len4, len4) + tmp = make([]byte, len5, len5) _, err = io.ReadFull(hc, tmp) if err != nil { log.Println("[Bad hkexsh.Session.Cmd]") @@ -447,7 +456,7 @@ func main() { } rec.SetCmd(tmp) - tmp = make([]byte, len5, len5) + tmp = make([]byte, len6, len6) _, err = io.ReadFull(hc, tmp) if err != nil { log.Println("[Bad hkexsh.Session.AuthCookie]") 
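Review bot: len6 is parsed from the peer with Fscanf and then used unchecked in `tmp = make([]byte, len6, len6)` (the @@ -447 hunk), as len4 and len5 now are in the @@ -433 hunk, so one header line can request up to 4 GiB per field before any authentication has taken place. The pattern predates this commit, but adding a sixth field is the right moment to bound it: after the `n < 6` check, reject any length over a small limit, e.g. `if len1 > maxFieldLen || len2 > maxFieldLen || len3 > maxFieldLen || len4 > maxFieldLen || len5 > maxFieldLen || len6 > maxFieldLen { return fmt.Errorf("session field too long") }` with a new maxFieldLen constant sized for the largest legitimate TERM or cmd value. The enclosing function continues outside the hunk, so the return path should be confirmed against the rest of it.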
@@ -455,12 +464,12 @@ func main() { } rec.SetAuthCookie(tmp) - log.Printf("[hkexsh.Session: op:%c who:%s cmd:%s auth:****]\n", - rec.Op()[0], string(rec.Who()), string(rec.Cmd())) + log.Printf("[hkexsh.Session: op:%c who:%s connhost:%s cmd:%s auth:****]\n", + rec.Op()[0], string(rec.Who()), string(rec.ConnHost()), string(rec.Cmd())) var valid bool var allowedCmds string // Currently unused - if hkexsh.AuthUserByToken(string(rec.Who()), string(rec.AuthCookie(true))) { + if hkexsh.AuthUserByToken(string(rec.Who()), string(rec.ConnHost()), string(rec.AuthCookie(true))) { valid = true } else { valid, allowedCmds = hkexsh.AuthUserByPasswd(string(rec.Who()), string(rec.AuthCookie(true)), "/etc/hkexsh.passwd") @@ -485,7 +494,7 @@ func main() { addr := hc.RemoteAddr() hname := strings.Split(addr.String(), ":")[0] log.Printf("[Generating autologin token for [%s@%s]]\n", rec.Who(), hname) - token := GenAuthToken(string(rec.Who())) + token := GenAuthToken(string(rec.Who()), string(rec.ConnHost())) tokenCmd := fmt.Sprintf("echo \"%s\" | tee ~/.hkexsh_id", token) runErr, cmdStatus := runShellAs(string(rec.Who()), string(rec.TermType()), tokenCmd, false, hc, chaffEnabled) // Returned hopefully via an EOF or exit/logout;
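Review bot: Passing string(rec.ConnHost()) into AuthUserByToken gives the token check a value the same client just sent in the header, so unless AuthUserByToken compares it against something the server knows independently it adds no binding; the server already derives hname from hc.RemoteAddr() in the following hunk, which is the value it can actually attest. The log line at the top of the hunk now prints connhost verbatim alongside who and cmd; using `%q` rather than `%s` for those fields would keep control characters from the peer out of the log.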
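Review bot: token, which GenAuthToken now builds from the client-supplied rec.ConnHost() (how tokenA is combined with tokenB is outside this diff), is interpolated unescaped into `tokenCmd := fmt.Sprintf("echo \"%s\" | tee ~/.hkexsh_id", token)` that runShellAs executes under the user's shell. Before this change tokenA was the server's own hostname; now whatever bytes the client placed in the connhost field can reach that double-quoted shell string, so the value needs validating before use: restrict ConnHost to host-name characters (letters, digits, '.', '-') where it is read in the @@ -433 hunk, or have GenAuthToken hex-encode tokenA as it presumably does tokenB. Since hname from hc.RemoteAddr() is computed two lines earlier, it is also the natural server-side replacement for the client-claimed host.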