diff --git a/INSTALL/README.md b/INSTALL/README.md
index b35e356b5..43883a991 100644
--- a/INSTALL/README.md
+++ b/INSTALL/README.md
@@ -1,21 +1,27 @@
 NOTE: Only Ubuntu 14.04 64bit is supported at this time.
 
-### Dependencies
+### Server setup / create `tmuser`
 
-Install the dependencies and create a new user `tmuser`
+Secure the server, install dependencies, and create a new user `tmuser`
 
-    curl -L https://raw.githubusercontent.com/tendermint/tendermint/master/INSTALL/ssh_config.sh > ssh_config.sh
     curl -L https://raw.githubusercontent.com/tendermint/tendermint/master/INSTALL/install_env.sh > install_env.sh
     source install_env.sh
     cd /home/tmuser
 
-### Install Go
+### Install Go as `tmuser`
 
 Don't use `apt-get install golang`, it's still on an old version.
 
     curl -L https://raw.githubusercontent.com/tendermint/tendermint/master/INSTALL/install_golang.sh > install_golang.sh
     source install_golang.sh
 
+### Run Barak
+
+WARNING: THIS STEP WILL GIVE CONTROL OF THE CURRENT USER TO THE DEV TEAM.
+
+    go install github.com/tendermint/tendermint/cmd/barak
+    cat $GOPATH/src/github.com/tendermint/tendermint/cmd/barak/seed0 | barak
+
 ### Install/Update Tendermint
 
     go get -u github.com/tendermint/tendermint/cmd/tendermint  # get+update
diff --git a/INSTALL/install_env.sh b/INSTALL/install_env.sh
index 2fa7bdcb8..9a2ac552c 100755
--- a/INSTALL/install_env.sh
+++ b/INSTALL/install_env.sh
@@ -12,6 +12,29 @@ USER="tmuser"
 ADMIN_EMAIL="ENTER_ADMIN_EMAIL"
 OPEN_PORTS=(46656 46657 46658 46659 46660 46661 46662 46663 46664 46665 46666 46667 46668 46669 46670 46671)
 SSH_PORT=20
+SSH_CONFIG="Port 20
+Protocol 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+UsePrivilegeSeparation yes
+KeyRegenerationInterval 3600
+ServerKeyBits 1024
+SyslogFacility AUTH
+LogLevel INFO
+LoginGraceTime 120
+PermitRootLogin no
+StrictModes yes
+RSAAuthentication yes
+PubkeyAuthentication yes
+IgnoreRhosts yes
+RhostsRSAAuthentication no
+HostbasedAuthentication no
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+"
 WHITELIST=()
 
 # update and upgrade
@@ -30,7 +53,6 @@ apt-get install -y make screen gcc git mercurial libc6-dev pkg-config libgmp-dev
 # set up firewall
 echo "ENABLE FIREWALL ..."
 # copy in the ssh config with locked down settings
-source ssh_config.sh
 if [ "$SSH_CONFIG" != "" ]; then
   echo "$SSH_CONFIG" > /etc/ssh/sshd_config
   service ssh restart
diff --git a/INSTALL/ssh_config.sh b/INSTALL/ssh_config.sh
deleted file mode 100644
index e4a2d0074..000000000
--- a/INSTALL/ssh_config.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-SSH_CONFIG="# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
-Port 20
-# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 1024
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin no
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile	%h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-#IgnoreUserKnownHosts yes
-
-PermitEmptyPasswords no
-
-ChallengeResponseAuthentication no
-
-PasswordAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-UsePAM yes
-"
diff --git a/cmd/tendermint/main.go b/cmd/tendermint/main.go
index 163e3a7c1..946e21c4d 100644
--- a/cmd/tendermint/main.go
+++ b/cmd/tendermint/main.go
@@ -16,7 +16,6 @@ func main() {
 		fmt.Println(`Tendermint
 
 Commands:
-    init          Initialize the TMROOT directory
     node          Run the tendermint node 
     gen_account   Generate new account keypair
     gen_validator Generate new validator keypair
@@ -27,9 +26,6 @@ Commands:
 	}
 
 	switch args[0] {
-	case "init":
-		config.ParseFlags(args[1:])
-		logger.Reset()
 	case "node":
 		config.ParseFlags(args[1:])
 		logger.Reset()