diff --git a/zbootstrap.zsh b/zbootstrap.zsh
index 23ed7f1..93cd9b3 100644
--- a/zbootstrap.zsh
+++ b/zbootstrap.zsh
@@ -14,4 +14,4 @@
 source ${zshlibs_install}/tools.funcs.zsh
 source ${zshlibs_install}/zconfig.funcs.zsh
 source ${zshlibs_install}/global.funcs.zsh
-source ${zshlibs_install}/zssh.funcs.zsh
+fpath+=(${zshlibs_install}/zssh)
diff --git a/zssh.funcs.zsh b/zssh.funcs.zsh
deleted file mode 100644
index 5351682..0000000
--- a/zssh.funcs.zsh
+++ /dev/null
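Review bot: `fpath+=(${zshlibs_install}/zssh)` only tells zsh where to look; without an `autoload` nothing defines `zssh_boot`, and the callers the removed `source` line used to satisfy will hit "command not found" — unless that autoload lives in a file outside this diff, which I cannot see. If it does not, add it right after the `fpath+=` line, e.g. `autoload -Uz ${zshlibs_install}/zssh/*(.:t)`. Every file under `zssh/` wraps its body in `function name() { … }`; as far as I recall zsh's autoload accepts that form only when the file defines exactly that one function, so a one-line comment in zbootstrap.zsh saying "one function per file, named after the file" would keep the layout from being broken by a later refactor.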
@@ -1,250 +0,0 @@
-function zssh_boot()
-{
- zshlibs_log zssh "zssh is booting up
-----------------------------"
- typeset -g zssh_ssh_dotdir="${HOME}/.ssh"
- typeset -g zssh_private_keys="${zssh_ssh_dotdir}/keystore"
- typeset -g zssh_private_configs="${zssh_ssh_dotdir}/config.d"
- typeset -g zssh_global_configs=${globaldots_path}/config/ssh
- typeset -g zssh_global_pubkeys=${globaldots_path}/keys/ssh
- zssh_configure
- zssh_process
-}
-
-function zssh_configure ()
-{
- if [[ -n "$zssh_host" ]]
- then
- zshlibs_log zssh_configure "zssh_host is set"
- zshlibs_ensure -d $zssh_private_keys
- zshlibs_ensure -d $zssh_private_configs
- zshlibs_ensure -d ${zssh_global_configs}
- zshlibs_ensure -d ${zssh_global_pubkeys}
- if ! [[ -d "${zssh_private_configs}" ]]
- then
- echo 'Include config.d/*.sshconf' > "${zssh_ssh_dotdir}/config_d"
- fi
- zssh_enumeratenodes
- if [[ ${#zssh_host_config_accesses} -gt 0 ]]
- then
- zshlibs_log zssh_configure "zssh_host_config_accesses is set"
- zshlibs_log zssh_configure "global our pubkey directory is $(zssh_host_info -K)"
- zshlibs_log zssh_configure "global our config directory is $(zssh_host_info -c)"
- typeset -g zssh_global_config_hostdir="${zssh_global_configs}/${zssh_host}"
- typeset -g zssh_global_pubkey_hostdir="${zssh_global_pubkeys}/${zssh_host}"
- zshlibs_ensure -d $(zssh_host_info -K) #"${zssh_global_pubkey_hostdir}"
- zshlibs_ensure -d $(zssh_host_info -C) # "${zssh_global_config_hostdir}"
- else
- zshlibs_log zssh_configure "zssh_host_config_accesses is NOT set, not going to bother accepting keys"
- fi
- else
- zshlibs_log zssh_configure "zssh_host is NOT set, which means we cannot neither publish keys nor accept them"
- fi
-}
-
-function zssh_host_info()
-{
- zssh_node_info ${zssh_host} $@
-}
-
-function zssh_node_info()
-{
- local ssh_node=$1
- shift
- while getopts 'kKcCM:E:' opt
- do
- case $opt in
- (s)
- # private privkey
- echo "$zssh_private_keys/${ssh_node}.key"
- ;;
- (k)
- # private pubkey
- echo "$zssh_private_keys/${ssh_node}.key.pub"
- ;;
- (M)
- # public pubkey mail file
- echo "$zssh_global_pubkeys/${ssh_node}/${OPTARG}.key.pub"
- ;;
- (K)
- # public pubkey bucket
- echo "$zssh_global_pubkeys/${ssh_node}"
- ;;
- (c)
- # private ssh hostconfig
- echo "$zssh_private_configs/${ssh_node}.sshconf"
- ;;
- (C)
- # public config bucket
- echo "$zssh_global_configs/${ssh_node}"
- ;;
- (E)
- # public config bucket piece
- echo "$zssh_global_configs/${ssh_node}/${OPTARG}.sshconf"
- ;;
- esac
- done
-}
-
-function zssh_process()
-{
- if [[ -n "$zssh_host" ]]
- then
- if [[ ${#zssh_host_config_accesses} -gt 0 ]]
- then
- zshlibs_log zssh_server "processing ssh server setup"
- # - if there is no generated ssh config,
- # - if local config not older than (means newer than) generated config
- # then generate ssh config
- if ! [[ "${HOME}/.config/zsh/local.config.zsh" -ot $(zssh_host_info -c) ]]
- then
- zshlibs_log zssh_server "publishing our configs …"
- zssh_publish_configs
- else
- zshlibs_log zssh_server "no need to publish our configs"
- fi
- zssh_check_pubkeys
- fi
- zshlibs_log zssh_client "processing ssh client setup"
- zssh_install_peers
- zssh_publish_pubkeys
- fi
-}
-
-function zssh_check_pubkeys()
-{
- [[ ${#zssh_host_config_accesses} -gt 0 ]] || return 62
- zshlibs_log zssh_server "checking received pubkeys …"
- zshlibs_log zssh_server "done checking received pubkeys"
-}
-
-function zssh_install_peers()
-{
- [[ -n $zssh_host ]] || return 63
- zshlibs_log zssh_client "installing peers"
- for ssh_node in $zssh_nodes
- do
- zshlibs_log zssh_client "installing peer $ssh_node …"
- zssh_generate_privkey4 $ssh_node
- zssh_generate_config4 $ssh_node
- done
-}
-
-function zssh_publish_pubkeys()
-{
- zshlibs_log zssh_client "pushing out pubkey to parties …"
- for ssh_node in $zssh_nodes
- do
- zssh_mail_pubkey2 $ssh_node
- done
- zshlibs_log zssh_client "done pushing out pubkey to parties"
-}
-
-function zssh_mail_pubkey2()
-{
- [[ -n $zssh_host ]] || return 63
- ssh_node="$1"
- if ! [[ "$(zssh_node_info ${ssh_node} -k)" -ot "$(zssh_node_info ${ssh_node} -M ${zssh_host})" ]]
- then
- zshlibs_ensure -d "$(zssh_node_info ${ssh_node} -K)"
- zshlibs_log zssh_client "sending '$(zssh_node_info ${ssh_node} -k) to '$(zssh_node_info ${ssh_node} -M ${zssh_host})'"
- cp -T "$(zssh_node_info ${ssh_node} -k)" "$(zssh_node_info ${ssh_node} -M ${zssh_host})"
- else
- zshlibs_log zssh_client "'$(zssh_node_info ${ssh_node} -M ${zssh_host})' already mailed"
- fi
-}
-
-function zssh_publish_configs()
-{
- [[ "${#zssh_host_config_accesses}" -gt 0 ]] || return 62
- zshlibs_log zssh_server "generating access configs for parties …"
- for sshmatch in ${(k)zssh_host_config_accesses}
- do
- config_filename="$(zssh_host_info -E ${sshmatch})"
- config_filename=${config_filename//:/_}
- zshlibs_log zssh_server "generating our server access config '${config_filename}'"
- zssh_generate_hostaccessconfig $sshmatch > "${config_filename}"
- done
- zshlibs_log zssh_server "updating mtime for $(zssh_host_info -C)"
- touch "$(zssh_host_info -C)"
- zshlibs_log zssh_server "done generating access configs for parties"
-}
-
-function zssh_generate_hostaccessconfig()
-{
- sshmatch="${1}"
- sshcontents=${zssh_host_config_accesses[$sshmatch]}
- sshmatch_user=${sshmatch%%@*}
- sshmatch_host=${sshmatch##*@}
- if [[ "$sshmatch_host" == "$sshmatch_user" ]]
- then
- sshmatch_user=''
- fi
- << HERE
-Match ${sshmatch_host:+host $sshmatch_host,} ${sshmatch_user:+user $sshmatch_user,}
- ${sshcontents}
- ${zssh_host_config}
-HERE
-}
-
-function zssh_generate_config4
-{
- ssh_node="$1"
- dst="$zssh_private_configs/$ssh_node.sshconf"
- srcs="$zssh_global_configs/$ssh_node"
- zshlibs_log zssh_client "checking configs for $ssh_node …"
- if ! [[ -d "$srcs" ]]
- then
- zshlibs_log zssh_client "$ssh_node does not have config"
- elif ! [[ $dst -nt $srcs ]]
- then
- sshkey="$zssh_private_keys/$ssh_node.key"
- zshlibs_log zssh_client "generating '$dst' with key '$sshkey'"
- matched=1
- rm "$dst" 2> /dev/null
- for src in "$srcs"/*.sshconf(N)
- do
- matched=0
- zshlibs_log zssh_client "sourcing $src"
- cat "$src" >> "$dst"
- printf "\n IdentityFile %s\n\n" "$sshkey" >> "$dst"
- done
- if ! [[ $matched ]]
- then
- zshlibs_log zssh_client "no configs for '$dst'"
- fi
- fi
- zshlibs_log zssh_client "done with $ssh_node"
-}
-
-function zssh_generate_privkey4
-{
- ssh_node="$1"
- zshlibs_log zssh_client "checking keys for peer $ssh_node …"
- local newkey=$zssh_private_keys/$ssh_node.key
- if ! [[ -s $newkey ]]
- then
- zshlibs_log zssh_client "generate key for $ssh_node"
- ssh-keygen -t ed25519 -N '' -C "$ssh_host($USER@$HOST) for $ssh_node" -f $newkey >> "${HOME}/.log/ssh-keygen.log"
- if [[ "$ssh_node" == "$zssh_host" ]]
- then
- zshlibs_log zssh_client "Self accepting key: $ssh_node"
- cat "$newkey.pub" >> ${HOME}/.ssh/authorized_keys
- fi
- fi
-}
-
-
-function zssh_enumeratenodes()
-{
- typeset -g -a zssh_nodes;
- zshlibs_log zssh_configure "enumerating nodes"
- if [[ -d $zssh_global_configs ]]
- then
- for __ssh_node in ${zssh_global_configs}/*(/)
- do
- zssh_nodes+=($(basename $__ssh_node))
- done
- fi
- zshlibs_log zssh_configure "got ${#zssh_nodes} nodes"
-}
diff --git a/zssh/zssh_boot b/zssh/zssh_boot
new file mode 100644
index 0000000..e6ac75f
--- /dev/null
+++ b/zssh/zssh_boot
@@ -0,0 +1,12 @@
+function zssh_boot()
+{
+ zshlibs_log zssh "zssh is booting up
+----------------------------"
+ typeset -g zssh_ssh_dotdir="${HOME}/.ssh"
+ typeset -g zssh_private_keys="${zssh_ssh_dotdir}/keystore"
+ typeset -g zssh_private_configs="${zssh_ssh_dotdir}/config.d"
+ typeset -g zssh_global_configs=${globaldots_path}/config/ssh
+ typeset -g zssh_global_pubkeys=${globaldots_path}/keys/ssh
+ zssh_configure
+ zssh_process
+}
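Review bot: `zssh_global_configs` and `zssh_global_pubkeys` are built from `${globaldots_path}` with no check that it is set, so an empty value yields `/config/ssh` and `/keys/ssh`, which zssh_configure then hands to `zshlibs_ensure -d` — presumably an attempt to create directories at the filesystem root. A guard as the first statement keeps that failure loud and early: `: "${globaldots_path:?globaldots_path must be set before zssh_boot}"`. The first `zshlibs_log` call carries a literal newline inside its quoted argument so the dashes land on their own line; if that banner is intended, a short comment would stop the next reader from "fixing" it.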
diff --git a/zssh/zssh_check_pubkeys b/zssh/zssh_check_pubkeys
new file mode 100644
index 0000000..14b087e
--- /dev/null
+++ b/zssh/zssh_check_pubkeys
@@ -0,0 +1,6 @@
+function zssh_check_pubkeys()
+{
+ [[ ${#zssh_host_config_accesses} -gt 0 ]] || return 62
+ zshlibs_log zssh_server "checking received pubkeys …"
+ zshlibs_log zssh_server "done checking received pubkeys"
+}
diff --git a/zssh/zssh_configure b/zssh/zssh_configure
new file mode 100644
index 0000000..711386a
--- /dev/null
+++ b/zssh/zssh_configure
@@ -0,0 +1,30 @@
+function zssh_configure ()
+{
+ if [[ -n "$zssh_host" ]]
+ then
+ zshlibs_log zssh_configure "zssh_host is set"
+ zshlibs_ensure -d $zssh_private_keys
+ zshlibs_ensure -d $zssh_private_configs
+ zshlibs_ensure -d ${zssh_global_configs}
+ zshlibs_ensure -d ${zssh_global_pubkeys}
+ if ! [[ -d "${zssh_private_configs}" ]]
+ then
+ echo 'Include config.d/*.sshconf' > "${zssh_ssh_dotdir}/config_d"
+ fi
+ zssh_enumeratenodes
+ if [[ ${#zssh_host_config_accesses} -gt 0 ]]
+ then
+ zshlibs_log zssh_configure "zssh_host_config_accesses is set"
+ zshlibs_log zssh_configure "global our pubkey directory is $(zssh_host_info -K)"
+ zshlibs_log zssh_configure "global our config directory is $(zssh_host_info -c)"
+ typeset -g zssh_global_config_hostdir="${zssh_global_configs}/${zssh_host}"
+ typeset -g zssh_global_pubkey_hostdir="${zssh_global_pubkeys}/${zssh_host}"
+ zshlibs_ensure -d $(zssh_host_info -K) #"${zssh_global_pubkey_hostdir}"
+ zshlibs_ensure -d $(zssh_host_info -C) # "${zssh_global_config_hostdir}"
+ else
+ zshlibs_log zssh_configure "zssh_host_config_accesses is NOT set, not going to bother accepting keys"
+ fi
+ else
+ zshlibs_log zssh_configure "zssh_host is NOT set, which means we cannot neither publish keys nor accept them"
+ fi
+}
diff --git a/zssh/zssh_enumeratenodes b/zssh/zssh_enumeratenodes
new file mode 100644
index 0000000..af99c29
--- /dev/null
+++ b/zssh/zssh_enumeratenodes
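Review bot: zssh_check_pubkeys logs "checking received pubkeys" and "done" with nothing in between, so a reader of zssh_process will assume received keys are vetted before client setup continues. Mark it as a stub so the two log lines are not mistaken for evidence of a check, e.g. `# TODO: stub — nothing is validated yet; both log lines are placeholders` under the function header, and state in that comment what the eventual check is meant to cover.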
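Review bot: The `Include` bootstrap is guarded by `! [[ -d "${zssh_private_configs}" ]]`, evaluated right after `zshlibs_ensure -d $zssh_private_configs`; if ensure creates the directory, as its name suggests, that branch is dead code. Even when it runs it writes `${zssh_ssh_dotdir}/config_d`, a file OpenSSH does not read, so the `config.d/*.sshconf` snippets are never included unless something outside this diff consumes config_d. If nothing does, test and write the real file: `[[ -e "${zssh_ssh_dotdir}/config" ]] || print -r -- 'Include config.d/*.sshconf' > "${zssh_ssh_dotdir}/config"`. Separately, the log line `global our config directory is $(zssh_host_info -c)` prints the private `.sshconf` path while the directory ensured two lines later is `$(zssh_host_info -C)`; one of those two letters is a typo.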
@@ -0,0 +1,13 @@
+function zssh_enumeratenodes()
+{
+ typeset -g -a zssh_nodes;
+ zshlibs_log zssh_configure "enumerating nodes"
+ if [[ -d $zssh_global_configs ]]
+ then
+ for __ssh_node in ${zssh_global_configs}/*(/)
+ do
+ zssh_nodes+=($(basename $__ssh_node))
+ done
+ fi
+ zshlibs_log zssh_configure "got ${#zssh_nodes} nodes"
+}
diff --git a/zssh/zssh_generate_config4 b/zssh/zssh_generate_config4
new file mode 100644
index 0000000..02785ed
--- /dev/null
+++ b/zssh/zssh_generate_config4
@@ -0,0 +1,29 @@
+function zssh_generate_config4
+{
+ ssh_node="$1"
+ dst="$zssh_private_configs/$ssh_node.sshconf"
+ srcs="$zssh_global_configs/$ssh_node"
+ zshlibs_log zssh_client "checking configs for $ssh_node …"
+ if ! [[ -d "$srcs" ]]
+ then
+ zshlibs_log zssh_client "$ssh_node does not have config"
+ elif ! [[ $dst -nt $srcs ]]
+ then
+ sshkey="$zssh_private_keys/$ssh_node.key"
+ zshlibs_log zssh_client "generating '$dst' with key '$sshkey'"
+ matched=1
+ rm "$dst" 2> /dev/null
+ for src in "$srcs"/*.sshconf(N)
+ do
+ matched=0
+ zshlibs_log zssh_client "sourcing $src"
+ cat "$src" >> "$dst"
+ printf "\n IdentityFile %s\n\n" "$sshkey" >> "$dst"
+ done
+ if ! [[ $matched ]]
+ then
+ zshlibs_log zssh_client "no configs for '$dst'"
+ fi
+ fi
+ zshlibs_log zssh_client "done with $ssh_node"
+}
diff --git a/zssh/zssh_generate_hostaccessconfig b/zssh/zssh_generate_hostaccessconfig
new file mode 100644
index 0000000..07215c8
--- /dev/null
+++ b/zssh/zssh_generate_hostaccessconfig
@@ -0,0 +1,16 @@
+function zssh_generate_hostaccessconfig()
+{
+ sshmatch="${1}"
+ sshcontents=${zssh_host_config_accesses[$sshmatch]}
+ sshmatch_user=${sshmatch%%@*}
+ sshmatch_host=${sshmatch##*@}
+ if [[ "$sshmatch_host" == "$sshmatch_user" ]]
+ then
+ sshmatch_user=''
+ fi
+ << HERE
+Match ${sshmatch_host:+host $sshmatch_host,} ${sshmatch_user:+user $sshmatch_user,}
+ ${sshcontents}
+ ${zssh_host_config}
+HERE
+}
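Review bot: `zssh_nodes+=($(basename $__ssh_node))` puts an unquoted command substitution in array context, and zsh word-splits unquoted `$(…)` on IFS, so a node directory whose name contains whitespace becomes several bogus node names that then flow into `ssh-keygen -f` and the config paths in zssh_install_peers. The `:t` modifier gives the basename without a fork and without the split: `zssh_nodes+=("${__ssh_node:t}")`. `typeset -g -a zssh_nodes` also appears not to clear an existing array, so running zssh_boot twice in one shell would append duplicates; `zssh_nodes=()` after the typeset makes the enumeration idempotent.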
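Review bot: The `no configs` branch can never fire: `[[ $matched ]]` is a non-empty-string test and `matched` is always `1` or `0`, both non-empty, so `! [[ $matched ]]` is always false. Given the inverted meaning (1 before the loop, 0 once a source matched) the intended test is `if (( matched ))`, or rename the flag and write `if (( ! found ))`. Note that `rm "$dst"` runs before the loop, so on that path the previous `.sshconf` is deleted and nothing replaces it, silently dropping the peer's host entry without any log. None of `ssh_node`, `dst`, `srcs`, `sshkey`, `matched`, `src` is declared `local`, so they leak into the interactive shell that autoloads this function.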
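Review bot: The here-document on the `<< HERE` line has no command, so what is emitted depends on zsh's `READNULLCMD` (a pager by default, as far as I can tell) rather than on anything in this file; `cat << HERE` makes the output explicit and independent of the caller's settings. `${zssh_host_config}` is referenced but never set or documented in this series, and it is expanded unquoted straight into ssh_config text for peers, so a comment saying where it comes from and who controls it belongs above the heredoc. The `Match` line also leaves a trailing `,` after each criterion (`host foo, user bar,`); ssh's pattern-list parser may tolerate it, but it is easy to drop and worth confirming with `ssh -G`.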
diff --git a/zssh/zssh_generate_privkey4 b/zssh/zssh_generate_privkey4
new file mode 100644
index 0000000..baa6e02
--- /dev/null
+++ b/zssh/zssh_generate_privkey4
@@ -0,0 +1,16 @@
+function zssh_generate_privkey4
+{
+ ssh_node="$1"
+ zshlibs_log zssh_client "checking keys for peer $ssh_node …"
+ local newkey=$zssh_private_keys/$ssh_node.key
+ if ! [[ -s $newkey ]]
+ then
+ zshlibs_log zssh_client "generate key for $ssh_node"
+ ssh-keygen -t ed25519 -N '' -C "$ssh_host($USER@$HOST) for $ssh_node" -f $newkey >> "${HOME}/.log/ssh-keygen.log"
+ if [[ "$ssh_node" == "$zssh_host" ]]
+ then
+ zshlibs_log zssh_client "Self accepting key: $ssh_node"
+ cat "$newkey.pub" >> ${HOME}/.ssh/authorized_keys
+ fi
+ fi
+}
diff --git a/zssh/zssh_host_info b/zssh/zssh_host_info
new file mode 100644
index 0000000..2ff2d0e
--- /dev/null
+++ b/zssh/zssh_host_info
@@ -0,0 +1,4 @@
+function zssh_host_info()
+{
+ zssh_node_info ${zssh_host} $@
+}
diff --git a/zssh/zssh_install_peers b/zssh/zssh_install_peers
new file mode 100644
index 0000000..01ae46d
--- /dev/null
+++ b/zssh/zssh_install_peers
@@ -0,0 +1,11 @@
+function zssh_install_peers()
+{
+ [[ -n $zssh_host ]] || return 63
+ zshlibs_log zssh_client "installing peers"
+ for ssh_node in $zssh_nodes
+ do
+ zshlibs_log zssh_client "installing peer $ssh_node …"
+ zssh_generate_privkey4 $ssh_node
+ zssh_generate_config4 $ssh_node
+ done
+}
diff --git a/zssh/zssh_mail_pubkey2 b/zssh/zssh_mail_pubkey2
new file mode 100644
index 0000000..b1d2aef
--- /dev/null
+++ b/zssh/zssh_mail_pubkey2
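Review bot: The key comment `"$ssh_host($USER@$HOST) for $ssh_node"` references `$ssh_host`, which nothing in this series sets — everything else uses `zssh_host` — so generated keys carry a comment starting with `(` and lose the owning host; `"$zssh_host($USER@$HOST) for $ssh_node"` is almost certainly what was meant. Output is appended to `${HOME}/.log/ssh-keygen.log`; if `.log` does not exist the redirection fails and ssh-keygen never runs, yet "generate key" is logged as if it did and the `-s` test retries on every boot, so either ensure the directory first or add `|| return` to the keygen line. The passphrase-less `-N ''` is presumably deliberate for unattended use and deserves a comment saying so, and `-f $newkey` and `>> ${HOME}/.ssh/authorized_keys` should be quoted like the rest of the function.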
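Review bot: `zssh_node_info ${zssh_host} $@` is unquoted, and in zsh an empty `zssh_host` expands to no word at all, so the first flag (say `-K`) silently becomes the node name and the request loses its option. Callers currently guard on `-n $zssh_host`, but the helper should not depend on that: `zssh_node_info "${zssh_host}" "$@"`.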
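Review bot: `ssh_node` is the loop variable with no `local`, so after zssh_install_peers returns the caller's shell keeps a stray global holding the last peer; `local ssh_node` at the top fixes it, and zssh_publish_pubkeys in this same diff has the identical pattern. Each iteration calls zssh_generate_privkey4 and zssh_generate_config4 without checking their status, so a failure on one peer is only visible in the log; that is acceptable for a best-effort bootstrap, but a comment saying it is intentional would save the next reader from adding `|| return` and breaking the other peers.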
@@ -0,0 +1,13 @@
+function zssh_mail_pubkey2()
+{
+ [[ -n $zssh_host ]] || return 63
+ ssh_node="$1"
+ if ! [[ "$(zssh_node_info ${ssh_node} -k)" -ot "$(zssh_node_info ${ssh_node} -M ${zssh_host})" ]]
+ then
+ zshlibs_ensure -d "$(zssh_node_info ${ssh_node} -K)"
+ zshlibs_log zssh_client "sending '$(zssh_node_info ${ssh_node} -k) to '$(zssh_node_info ${ssh_node} -M ${zssh_host})'"
+ cp -T "$(zssh_node_info ${ssh_node} -k)" "$(zssh_node_info ${ssh_node} -M ${zssh_host})"
+ else
+ zshlibs_log zssh_client "'$(zssh_node_info ${ssh_node} -M ${zssh_host})' already mailed"
+ fi
+}
diff --git a/zssh/zssh_node_info b/zssh/zssh_node_info
new file mode 100644
index 0000000..d8f12e3
--- /dev/null
+++ b/zssh/zssh_node_info
@@ -0,0 +1,38 @@
+function zssh_node_info()
+{
+ local ssh_node=$1
+ shift
+ while getopts 'kKcCM:E:' opt
+ do
+ case $opt in
+ (s)
+ # private privkey
+ echo "$zssh_private_keys/${ssh_node}.key"
+ ;;
+ (k)
+ # private pubkey
+ echo "$zssh_private_keys/${ssh_node}.key.pub"
+ ;;
+ (M)
+ # public pubkey mail file
+ echo "$zssh_global_pubkeys/${ssh_node}/${OPTARG}.key.pub"
+ ;;
+ (K)
+ # public pubkey bucket
+ echo "$zssh_global_pubkeys/${ssh_node}"
+ ;;
+ (c)
+ # private ssh hostconfig
+ echo "$zssh_private_configs/${ssh_node}.sshconf"
+ ;;
+ (C)
+ # public config bucket
+ echo "$zssh_global_configs/${ssh_node}"
+ ;;
+ (E)
+ # public config bucket piece
+ echo "$zssh_global_configs/${ssh_node}/${OPTARG}.sshconf"
+ ;;
+ esac
+ done
+}
diff --git a/zssh/zssh_process b/zssh/zssh_process
new file mode 100644
index 0000000..5b7db77
--- /dev/null
+++ b/zssh/zssh_process
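Review bot: `cp -T` is a GNU coreutils extension; on a BSD/macOS `cp` the command fails and the pubkey is never delivered, while the `-ot` guard still reports success on the next run because the destination stays absent. If GNU userland is a stated assumption, say so in a comment; otherwise `cp -- "$src" "$dst"` into the directory that `zshlibs_ensure -d` just created behaves the same here. The same `zssh_node_info` call is recomputed five times; capturing the two paths once into `local src dst` at the top would also fix the unbalanced quotes in the `sending '… to '…'` log line, and `ssh_node="$1"` should be `local` like the rest.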
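Review bot: The `(s)` arm (private key path) is unreachable because `s` is missing from the getopts string `'kKcCM:E:'`; `-s` makes getopts complain and set `opt` to `?`, which no arm handles, so the function prints nothing. Fix the string, `while getopts 'skKcCM:E:' opt`, and add a `(\?) return 1 ;;` arm so an unknown flag fails loudly: every caller uses this output as a path, and an empty result turns into `touch`, `cp` or `ensure -d` against the wrong target rather than an error.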
@@ -0,0 +1,24 @@
+function zssh_process()
+{
+ if [[ -n "$zssh_host" ]]
+ then
+ if [[ ${#zssh_host_config_accesses} -gt 0 ]]
+ then
+ zshlibs_log zssh_server "processing ssh server setup"
+ # - if there is no generated ssh config,
+ # - if local config not older than (means newer than) generated config
+ # then generate ssh config
+ if ! [[ "${HOME}/.config/zsh/local.config.zsh" -ot $(zssh_host_info -c) ]]
+ then
+ zshlibs_log zssh_server "publishing our configs …"
+ zssh_publish_configs
+ else
+ zshlibs_log zssh_server "no need to publish our configs"
+ fi
+ zssh_check_pubkeys
+ fi
+ zshlibs_log zssh_client "processing ssh client setup"
+ zssh_install_peers
+ zssh_publish_pubkeys
+ fi
+}
diff --git a/zssh/zssh_publish_configs b/zssh/zssh_publish_configs
new file mode 100644
index 0000000..f93b6b4
--- /dev/null
+++ b/zssh/zssh_publish_configs
@@ -0,0 +1,15 @@
+function zssh_publish_configs()
+{
+ [[ "${#zssh_host_config_accesses}" -gt 0 ]] || return 62
+ zshlibs_log zssh_server "generating access configs for parties …"
+ for sshmatch in ${(k)zssh_host_config_accesses}
+ do
+ config_filename="$(zssh_host_info -E ${sshmatch})"
+ config_filename=${config_filename//:/_}
+ zshlibs_log zssh_server "generating our server access config '${config_filename}'"
+ zssh_generate_hostaccessconfig $sshmatch > "${config_filename}"
+ done
+ zshlibs_log zssh_server "updating mtime for $(zssh_host_info -C)"
+ touch "$(zssh_host_info -C)"
+ zshlibs_log zssh_server "done generating access configs for parties"
+}
diff --git a/zssh/zssh_publish_pubkeys b/zssh/zssh_publish_pubkeys
new file mode 100644
index 0000000..9390697
--- /dev/null
+++ b/zssh/zssh_publish_pubkeys
@@ -0,0 +1,9 @@
+function zssh_publish_pubkeys()
+{
+ zshlibs_log zssh_client "pushing out pubkey to parties …"
+ for ssh_node in $zssh_nodes
+ do
+ zssh_mail_pubkey2 $ssh_node
+ done
+ zshlibs_log zssh_client "done pushing out pubkey to parties"
+}
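Review bot: The staleness test compares `local.config.zsh` against `$(zssh_host_info -c)`, which is the private `~/.ssh/config.d/<host>.sshconf`, but zssh_publish_configs writes into and `touch`es `$(zssh_host_info -C)`, the global config bucket; unless the private file is refreshed somewhere I cannot see, the publish never feeds back into this check and `-c` looks like a case typo for `-C`. Because `-ot` is false when the right-hand file is missing, the negated form still publishes on first run, so the fix is just the letter plus quoting: `if ! [[ "${HOME}/.config/zsh/local.config.zsh" -ot "$(zssh_host_info -C)" ]]`. The three-line comment above it describes the intent well; naming the bucket there keeps comment and code in step.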
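Review bot: `config_filename=${config_filename//:/_}` rewrites every `:` in the full path returned by `zssh_host_info -E`, not only the match key, so a `globaldots_path` containing a colon would redirect the write to a different directory while the `touch` on `-C` still claims the bucket is current; sanitising the key before building the path keeps the substitution scoped: `config_filename="$(zssh_host_info -E "${sshmatch//:/_}")"`. `sshmatch` and `config_filename` are not `local`, and the redirect `> "${config_filename}"` is not checked, so an unwritable bucket leaves a zero-length access config that peers will happily `cat` into their own ssh config; `|| return` on that line would surface it.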