diff --git a/demo/client/client.go b/demo/client/client.go
index b09c17d..ba71e5a 100644
--- a/demo/client/client.go
+++ b/demo/client/client.go
@@ -4,6 +4,8 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"io/ioutil"
+	"log"
 	"os"
 	"sync"
 
@@ -34,6 +36,8 @@ func main() {
 	flag.StringVar(&server, "s", "localhost:2000", "server hostname/address[:port]")
 	flag.Parse()
 
+	log.SetOutput(ioutil.Discard)
+
 	conn, err := hkex.Dial("tcp", server, cAlg, hAlg)
 	if err != nil {
 		fmt.Println("Err!")
diff --git a/demo/server/server.go b/demo/server/server.go
index 67d63c5..24c34a0 100644
--- a/demo/server/server.go
+++ b/demo/server/server.go
@@ -3,6 +3,7 @@ package main
 import (
 	"flag"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"os/exec"
 	"os/user"
@@ -36,13 +37,14 @@ type cmdRunner struct {
 	status     int
 }
 
-func cmd(r *cmdRunner) {
+/*
+ func cmd(r *cmdRunner) {
 	switch r.op {
 	case OpR:
 		//Clean up r.cmd beforehand
 		r.arg = strings.TrimSpace(r.arg)
 		fmt.Printf("[cmd was:'%s']\n", r.arg)
-		runCmdAs(r.who, r.arg)
+		runCmdAs(r.who, r.arg, nil)
 		fmt.Println(r.arg)
 		break
 	default:
@@ -50,14 +52,15 @@ func cmd(r *cmdRunner) {
 		break
 	}
 }
+*/
 
 // Run a command (via os.exec) as a specific user
-func runCmdAs(who string, cmd string) (err error) {
+func runCmdAs(who string, cmd string, conn hkex.Conn) (err error) {
 	u, _ := user.Lookup(who)
 	var uid, gid uint32
 	fmt.Sscanf(u.Uid, "%d", &uid)
 	fmt.Sscanf(u.Gid, "%d", &gid)
-	//fmt.Println("uid:", uid, "gid:", gid)
+	fmt.Println("uid:", uid, "gid:", gid)
 
 	args := strings.Split(cmd, " ")
 	arg0 := args[0]
@@ -65,6 +68,10 @@ func runCmdAs(who string, cmd string) (err error) {
 	c := exec.Command(arg0, args...)
 	c.SysProcAttr = &syscall.SysProcAttr{}
 	c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
+	c.Stdin = conn
+	c.Stdout = conn
+	c.Stderr = conn
+
 	err = c.Run()
 	if err != nil {
 		log.Printf("Command finished with error: %v", err)
@@ -84,6 +91,8 @@ func main() {
 	flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen")
 	flag.Parse()
 
+	log.SetOutput(ioutil.Discard)
+
 	// Listen on TCP port 2000 on all available unicast and
 	// anycast IP addresses of the local system.
 	l, err := hkex.Listen("tcp", laddr)
@@ -155,13 +164,18 @@ func main() {
 						//	authCookie:   "c00ki3",
 						//	status:       0}
 					}
-					
+
 					// From here, one could pass all subsequent data
 					// between client/server attached to an exec.Cmd,
 					// as data to/from a file, etc.
-					conn.Write([]byte("SERVER RESPONSE to '"))
-					conn.Write(data)
-					conn.Write([]byte("'\n"))
+					if *connOp == 's' {
+						fmt.Println("[Running shell]")
+						runCmdAs("larissa", "bash -l -i", conn)
+						// Returned hopefully via an EOF or exit/logout;
+						// Clear current op so user can enter next, or EOF
+						connOp = nil
+						fmt.Println("[Exiting shell]")
+					}
 					if strings.Trim(string(data), "\r\n") == "exit" {
 						conn.Close()
 					}
diff --git a/hkexnet.go b/hkexnet.go
index 5075dcf..210e90f 100644
--- a/hkexnet.go
+++ b/hkexnet.go
@@ -25,6 +25,7 @@ import (
 	"bytes"
 	"crypto/cipher"
 	"fmt"
+	"log"
 	"math/big"
 	"net"
 	"time"
@@ -104,27 +105,27 @@ func (c Conn) applyConnExtensions(extensions ...string) {
 	for _, s := range extensions {
 		switch s {
 		case "C_AES_256":
-			fmt.Println("[extension arg = C_AES_256]")
+			log.Println("[extension arg = C_AES_256]")
 			c.cipheropts &= (0xFFFFFF00)
 			c.cipheropts |= CAlgAES256
 			break
 		case "C_TWOFISH_128":
-			fmt.Println("[extension arg = C_TWOFISH_128]")
+			log.Println("[extension arg = C_TWOFISH_128]")
 			c.cipheropts &= (0xFFFFFF00)
 			c.cipheropts |= CAlgTwofish128
 			break
 		case "C_BLOWFISH_64":
-			fmt.Println("[extension arg = C_BLOWFISH_64]")
+			log.Println("[extension arg = C_BLOWFISH_64]")
 			c.cipheropts &= (0xFFFFFF00)
 			c.cipheropts |= CAlgBlowfish64
 			break
 		case "H_SHA256":
-			fmt.Println("[extension arg = H_SHA256]")
+			log.Println("[extension arg = H_SHA256]")
 			c.cipheropts &= (0xFFFF00FF)
 			c.cipheropts |= (HmacSHA256 << 8)
 			break
 		default:
-			fmt.Printf("[Dial ext \"%s\" ignored]\n", s)
+			log.Printf("[Dial ext \"%s\" ignored]\n", s)
 			break
 		}
 	}
@@ -161,10 +162,10 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
 	}
 
 	hc.h.PeerD = d
-	fmt.Printf("** D:%s\n", hc.h.d.Text(16))
-	fmt.Printf("**(c)** peerD:%s\n", hc.h.PeerD.Text(16))
+	log.Printf("** D:%s\n", hc.h.d.Text(16))
+	log.Printf("**(c)** peerD:%s\n", hc.h.PeerD.Text(16))
 	hc.h.FA()
-	fmt.Printf("**(c)** FA:%s\n", hc.h.fa)
+	log.Printf("**(c)** FA:%s\n", hc.h.fa)
 
 	hc.r = hc.getStream(hc.h.fa)
 	hc.w = hc.getStream(hc.h.fa)
@@ -277,10 +278,10 @@ func (hl HKExListener) Accept() (hc Conn, err error) {
 		return hc, err
 	}
 	hc.h.PeerD = d
-	fmt.Printf("** D:%s\n", hc.h.d.Text(16))
-	fmt.Printf("**(s)** peerD:%s\n", hc.h.PeerD.Text(16))
+	log.Printf("** D:%s\n", hc.h.d.Text(16))
+	log.Printf("**(s)** peerD:%s\n", hc.h.PeerD.Text(16))
 	hc.h.FA()
-	fmt.Printf("**(s)** FA:%s\n", hc.h.fa)
+	log.Printf("**(s)** FA:%s\n", hc.h.fa)
 
 	fmt.Fprintf(c, "0x%s\n%08x:%08x:%02x\n", hc.h.d.Text(16),
 		hc.cipheropts, hc.opts, hc.op)
@@ -296,7 +297,7 @@ func (hl HKExListener) Accept() (hc Conn, err error) {
 //
 // See go doc io.Reader
 func (c Conn) Read(b []byte) (n int, err error) {
-	fmt.Printf("[Decrypting...]\n")
+	log.Printf("[Decrypting...]\n")
 
 	//c.c.SetReadDeadline(time.Now().Add(1 * time.Second))
 	n, err = c.c.Read(b)
@@ -307,14 +308,14 @@ func (c Conn) Read(b []byte) (n int, err error) {
 		//	panic(err)
 		//}
 	}
-	fmt.Printf("  ctext:%+v\n", b[:n]) // print only used portion
+	log.Printf("  ctext:%+v\n", b[:n]) // print only used portion
 	db := bytes.NewBuffer(b[:n])
 	// The StreamReader acts like a pipe, decrypting
 	// whatever is available and forwarding the result
 	// to the parameter of Read() as a normal io.Reader
 	rs := &cipher.StreamReader{S: c.r, R: db}
 	n, err = rs.Read(b)
-	fmt.Printf("  ptext:%+v\n", b[:n])
+	log.Printf("  ptext:%+v\n", b[:n])
 	return
 }
 
@@ -322,8 +323,8 @@ func (c Conn) Read(b []byte) (n int, err error) {
 //
 // See go doc io.Writer
 func (c Conn) Write(b []byte) (n int, err error) {
-	fmt.Printf("[Encrypting...]\n")
-	fmt.Printf("  ptext:%+v\n", b)
+	log.Printf("[Encrypting...]\n")
+	log.Printf("  ptext:%+v\n", b)
 	var wb bytes.Buffer
 	// The StreamWriter acts like a pipe, forwarding whatever is
 	// written to it through the cipher, encrypting as it goes
@@ -332,28 +333,7 @@ func (c Conn) Write(b []byte) (n int, err error) {
 	if err != nil {
 		panic(err)
 	}
-	fmt.Printf("  ctext:%+v\n", wb.Bytes())
+	log.Printf("  ctext:%+v\n", wb.Bytes())
 	n, err = c.c.Write(wb.Bytes())
 	return
 }
-
-// Return c coerced into a HKEx Conn (which implements interface net.Conn)
-//   Only useful if one wants to convert an open connection later to HKEx
-//   (Use Dial() instead to start with HKEx automatically.)
-/*
- func NewHKExConn(c *net.Conn) (hc *Conn) {
-	hc = new(Conn)
-
-	hc.c = *c
-	hc.h = New(0, 0)
-	d := big.NewInt(0)
-	_, err := fmt.Fscanln(hc.c, d)
-	if err != nil {
-		//
-	}
-	hc.h.PeerD = d
-	fmt.Printf("** D:%s\n", hc.h.d.Text(16))
-	fmt.Printf("** peerD:%s\n", hc.h.PeerD.Text(16))
-	return
-}
-*/