diff --git a/install.py b/install.py index 90ea1dd..bf8abbd 100755 --- a/install.py +++ b/install.py @@ -245,8 +245,6 @@ def pip(): os.rename(tmpname, filename) else: os.remove(tmpname) - else: - print(pipcmd) # unix_cmd(pipcmd, doit, stdout=None) show.dirty = True diff --git a/to_system/etc/ssh/sshd_config b/to_system/etc/ssh/sshd_config new file mode 100644 index 0000000..5cce122 --- /dev/null +++ b/to_system/etc/ssh/sshd_config 
@@ -0,0 +1,122 @@
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/bin:/usr/games
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+KbdInteractiveAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv GIT*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/to_system/home/l_samenv/.config/linse_profile b/to_system/home/l_samenv/.config/linse_profile
index 2ea201b..28ba6cd 100644
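Review bot: `AcceptEnv GIT*` near the end of the file accepts every client-supplied variable whose name starts with GIT, which is much wider than the identity variables the rest of this commit exports. The wildcard also admits variables that change which configuration and helper programs git uses in the server-side session, which matters for any account that is limited by ForceCommand or a forced-command key. If the intent is only to carry the identity and token, list them, `AcceptEnv GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GITEA_TOKEN`, and replace the stale comment above it with `# Allow client to pass git identity and gitea token`. `PasswordAuthentication` is left at its commented-out default of yes; if key-only login is intended for this host, set it to `no` explicitly, unless a file under sshd_config.d already does.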
--- a/to_system/home/l_samenv/.config/linse_profile +++ b/to_system/home/l_samenv/.config/linse_profile @@ -3,8 +3,6 @@ export EDITOR=nano . ~/.config/linse_setuser -export GIT_AUTHOR_NAME=PREVENT_DEFAULT - function gitea_git() ( for repo in "$@"; do cd ~/$repo diff --git a/to_system/home/l_samenv/.config/linse_setuser b/to_system/home/l_samenv/.config/linse_setuser index 5ed9b28..7f6f1c4 100644 --- a/to_system/home/l_samenv/.config/linse_setuser +++ b/to_system/home/l_samenv/.config/linse_setuser @@ -1,3 +1,11 @@ +if [[ -z "$GIT_AUTHOR_EMAIL" || -z "$GIT_AUTHOR_NAME" ]]; then + export GIT_AUTHOR_NAME=PREVENT_DEFAULT +fi + +function sigint_handler() { + trap - INT +} + function setuser() { if [[ $# -eq 0 ]]; then cat << EOF 
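Review bot: `sigint_handler` only clears the INT trap, and the one place that installs it is `trap sigint_handler SIGINT` in setuser (next hunk), where nothing removes it again on the normal path or on the `return 1` path. Bash traps belong to the whole shell, not to the function, so after setuser returns the handler stays installed in the interactive shell until the first ctrl-c. Add `trap - INT` directly after the ssh call that fetches the token, and put a one-line comment on `sigint_handler` saying why ctrl-c needs special handling during that call. setuser's body continues outside this hunk.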
@@ -8,27 +16,36 @@ function setuser() { set author for git commit and get gitea token from linse-c if available EOF - if [[ ! -z "$LC_IDENTIFICATION" ]]; then - local id=($LC_IDENTIFICATION) - echo "you are already identified as ${id[@]:2:9} <${id[1]}>" + if [[ "$GIT_AUTHOR_NAME" != "PREVENT_DEFAULT" ]]; then + echo "you are already identified as $GIT_AUTHOR_NAME <$GIT_AUTHOR_EMAIL>" echo " " fi return 1 fi local isuser=$(ssh l_samenv@linse-c "test -d ~$1 && echo OK" 2>/dev/null) if [[ "$isuser" == "OK" ]]; then - local id=($LC_IDENTIFICATION) echo " " - if [[ ! -z "$id" ]]; then - echo "you are already identified as: ${id[@]:2:9} <${id[1]}> - you may press ctrl-c to abort" - fi - echo "get token from $1@linse-c" - export LC_IDENTIFICATION=$(ssh $1@linse-c 'echo $LC_IDENTIFICATION' 2>/dev/null) - if [[ -z "$LC_IDENTIFICATION" ]]; then - echo "LC_IDENTIFICATION is not defined in your rc file on $1@linse-c" + if [[ "$GIT_AUTHOR_NAME" != "PREVENT_DEFAULT" && ! -z "$GITEA_TOKEN" ]]; then + echo "you are already identified as $GIT_AUTHOR_NAME <$GIT_AUTHOR_EMAIL> - you may press ctrl-c to abort" + echo "get token again from $1@linse-c" else - local id=($LC_IDENTIFICATION) - echo "you are identified as ${id[@]:2:9} <${id[1]}>" + echo "get token from $1@linse-c" + fi + trap sigint_handler SIGINT + local all=($(ssh $1@linse-c 'echo _ $GITEA_TOKEN $GIT_AUTHOR_EMAIL $GIT_AUTHOR_NAME' 2>/dev/null)) + if [[ -z "$all" ]]; then + return 1 + fi + local token=${all[1]} + local email=${all[2]} + local name=${all[@]:3:9} + if [[ -z "$token" || -z "$email" || -z "$name" ]]; then + echo "GITEA_TOKEN, GIT_AUTHOR_EMAIL and GIT_AUTHOR_NAME are not defined in your rc file on $1@linse-c" + else + export GITEA_TOKEN=$token + export GIT_AUTHOR_EMAIL=$email + export GIT_AUTHOR_NAME=$name + echo "you are identified as $GIT_AUTHOR_NAME <$GIT_AUTHOR_EMAIL>" fi echo " " else 
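Review bot: The new `ssh $1@linse-c '...'` call uses `$1` unquoted, and the context line above it already pastes `$1` into a remote command string (`test -d ~$1`), so an argument containing whitespace, a leading dash or shell metacharacters is not handled as a plain user name. Validate it once before the first ssh, e.g. `[[ "$1" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "invalid user name"; return 1; }` (adjust the pattern to the site's naming rules), and quote the target as `"$1@linse-c"`. The unquoted `$(...)` inside `local all=(...)` also undergoes pathname expansion, so a `*` in the remote values would be expanded against the current directory; `read -r -a all <<< "$(ssh ...)"` avoids that. The `return 1` for an empty result is silent because stderr goes to /dev/null, so a failed or aborted login gives the user no message.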
@@ -36,7 +53,7 @@ EOF
 export GIT_AUTHOR_NAME="$1"
 export GIT_AUTHOR_EMAIL="$1@$host"
 echo " "
- echo "$1 is no valid linux user on linse-c -> not gitea token available for git push"
+ echo "$1 is no valid linux user on linse-c -> no gitea token available for git push"
 echo " "
 echo "however, you are identified as $GIT_AUTHOR_NAME <$GIT_AUTHOR_EMAIL> for git commit"
 echo " "