diff --git a/cbox-build.sh b/cbox-build.sh
index 383dd79..b824694 100755
--- a/cbox-build.sh
+++ b/cbox-build.sh
@@ -6,7 +6,7 @@
 #   dfsbuild	- create the image directory with dfsbuild and copy it to
 #		  the working directory
 #   config	- apply cryptobox specific changes to the working directory
-#   harden	- remove unnecessary packages (for release CD)
+#   harden	- remove unnecessary packages and disable developer features
 #   iso		- create the iso image (out of the working directory)
 #   burn	- tries to burn the the image on a cd-rw (maybe it works)
 #
@@ -16,6 +16,9 @@
 #   devel	- enable developer features like sshd, writable templates and
 #		  the test-suite (can be undone by "revert")
 #   revert	- reset the working directory to the image created by dfsbuild
+#   upload	- copy local working copy to tmpfs on a running cryptobox
+#   diff	- compare tmpfs-files on a running cryptobox with the original
+#   merge	- apply the diff to the local copy
 #
 # final action:
 #   release	- the same as "dfsbuild config iso"
@@ -60,7 +63,7 @@ LOCALCONF_DIR=local.conf.d
 SSH_CONFIG_FILE="$LOCALCONF_DIR/ssh-options"
 SSH_HOST=cryptobox
 REMOTE_COMMAND="/usr/lib/cryptobox/devel-features.sh"
-
+CUSTOM_CONFIGURE_DIR=$LOCALCONF_DIR/custom-configure.d
 
 
 function run_dfsbuild()
@@ -117,13 +120,13 @@ function configure_cb()
 		exit
 	fi
 
-	echo "Copying files into the box ..."
+	echo "Copying files to the box ..."
 		[ -e "$TMP_DIR" ] && rm -rf "$TMP_DIR"
 		cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
 		rm -rf `find "$TMP_DIR" -type d -name ".svn"`
 		cp -dr "$TMP_DIR/." "$IMAGE_DIR"
 		rm -rf "$TMP_DIR"
-
+	
 	echo "Configuring the cryptobox ..."
 		# "harden" removes /etc/issue ...
 		if [ -e "$IMAGE_DIR/etc/issue" ]
@@ -132,6 +135,16 @@ function configure_cb()
 		 fi
 		fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
 		chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
+	
+	# source local configure scripts
+	[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
+	  find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort | while read file
+	     do	echo "Sourcing custom configure script $(basename $file):"
+		# execute it in its own environment (to be safe)
+		# 'source' implicitly imports all current settings
+		# indent these lines to improve the output
+		( source "$file" ) 2>&1 | sed 's/^/\t/'
+	   done
 }
 
 
@@ -143,8 +156,9 @@ function fetch_revision()
 
 function check_ssh_defaults()
 {
+	[ ! -d "$LOCALCONF_DIR" ] && mkdir "$LOCALCONF_DIR"
 	if [ ! -e "$SSH_CONFIG_FILE" ]
-		then	[ ! -d "$LOCALCONF_DIR" ] && mkdir "$LOCALCONF_DIR"
+		then	echo "Copying default ssh_config file to '$SSH_CONFIG_FILE' ..."
 			cp misc/ssh-options.default "$SSH_CONFIG_FILE"
 	  fi
 }
diff --git a/cryptobox.conf.d/usr/lib/cryptobox/configure-cryptobox.sh b/cryptobox.conf.d/usr/lib/cryptobox/configure-cryptobox.sh
index a620b55..b9900d6 100755
--- a/cryptobox.conf.d/usr/lib/cryptobox/configure-cryptobox.sh
+++ b/cryptobox.conf.d/usr/lib/cryptobox/configure-cryptobox.sh
@@ -35,10 +35,15 @@ function configure_normal()
 
 	######### bashrc ###########
 	# remove dfshints from bashrc
-	sed -i "/^dfshints$/d" $RUNTIMEDIR/root/.bashrc
+	sed -i "/^dfshints$/d" "$RUNTIMEDIR/root/.bashrc"
 
+	########### TERM ###########
+	# set a usable default
+	sed -i '/^export TERM=/d' "$RUNTIMEDIR/root/.profile"
+	echo 'export TERM=vt100' >>"$RUNTIMEDIR/root/.profile"
+
+	########## sshd ############
 	if [ -e "/etc/ssh" ]; then
-	    ########## sshd ############
 	    # allow empty passwords for ssh
 	    #  the daemon is NOT started automatically, so you have to start it
 	    #  manually in case of need - as the root pw is empty and passwd is ro, you
@@ -62,8 +67,12 @@ function configure_secure()
 	# remove unnecessary packages
 	dpkg --force-all -P $SECURITY_REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed."
 
-	# remove development files
+	# remove the development features script
 	rm -f "$DEV_FEATURES_SCRIPT"
+
+	# maybe an authorized_keys file was created - but it is not dangerous,
+	# as the openssh package was removed anyway
+	rm -rf /root/.ssh
 }
 
 
diff --git a/misc/custom-configure.d/README b/misc/custom-configure.d/README
new file mode 100644
index 0000000..acd170f
--- /dev/null
+++ b/misc/custom-configure.d/README
@@ -0,0 +1,25 @@
+1) Overview
+the files in this directory are examples specific hook scripts to change the
+configuration of the box
+
+2) How to use these scripts
+Copy the scripts, you would like to use into local.conf.d/custom-configure.d.
+They will be sourced in alphabetic order AFTER the default configuration of the
+cryptobox.
+
+3) The examples
+
+set_root_pw
+	- replace the empty root password (the default) with a choosen password
+	- useful if your development cryptobox:
+	  - is located in an insecure environment
+	  - or your development team is geographically distributed, so the
+	    cryptobox for testing has to be publicly available
+
+import_authorized_keys
+	- create a new rsa key (local.conf.d/id_rsa) and copy the public
+	  key to the working image directory
+	- IMPORTANT: you have to activate the 'IdentityFile' setting in
+	  local.conf.d/ssh-options to enable this feature
+	- this is useful, if you secured the development cryptobox with a
+	  password (see 'set_root_pw')
diff --git a/misc/custom-configure.d/import_authorized_keys b/misc/custom-configure.d/import_authorized_keys
new file mode 100644
index 0000000..008b10b
--- /dev/null
+++ b/misc/custom-configure.d/import_authorized_keys
@@ -0,0 +1,23 @@
+# import a public rsa key into the cryptobox for ssh authentication
+#
+# see README in misc/custom-configure.d for details
+#
+# do not forget to activate the 'IdentityFile' setting in
+# local.conf.d/ssh-options
+#
+
+SSH_KEY_FILE="$LOCALCONF_DIR/id_rsa"
+
+# create a rsa key if it does not yet exist
+if [ ! -e "$SSH_KEY_FILE" ]
+	then	echo "Creating ssh key ($SSH_KEY_FILE) ..."
+		mkdir -p $(dirname "$SSH_KEY_FILE")
+		ssh-keygen -t rsa -b 1024 -N '' -q -f "$SSH_KEY_FILE"
+  fi
+
+# copy new public ssh key to ~/.ssh/authorized_keys on cryptobox
+check_ssh_defaults
+echo "Copying local public ssh key file to the box ..."
+mkdir -p "$IMAGE_DIR/opt/dfsbuild/runtimerd/root/.ssh"
+cp "${SSH_KEY_FILE}.pub" "$IMAGE_DIR/opt/dfsbuild/runtimerd/root/.ssh/authorized_keys"
+
diff --git a/misc/custom-configure.d/set_root_pw b/misc/custom-configure.d/set_root_pw
new file mode 100644
index 0000000..432898f
--- /dev/null
+++ b/misc/custom-configure.d/set_root_pw
@@ -0,0 +1,10 @@
+# replace the empty root password of an development cryptobox with a choosen one
+#
+# see misc/custom-configure.d/README for details
+#
+
+# set the password to your needs
+NEW_ROOT_PASSWORD=foobar
+
+echo "Setting a root password ..."
+echo "root:$NEW_ROOT_PASSWORD" | chroot "$IMAGE_DIR" "$CHROOTSTART" chpasswd root
diff --git a/misc/ssh-options.default b/misc/ssh-options.default
index 7ff0e08..de831bd 100644
--- a/misc/ssh-options.default
+++ b/misc/ssh-options.default
@@ -4,6 +4,10 @@ Host cryptobox
 HostName 192.168.0.23
 Port 22
 
+# maybe you want to use rsa authentication?
+# see misc/custom-configure.s/README for examples
+#IdentityFile local.conf.d/id_rsa
+
 # this should be valid for everyone
 User root
 CheckHostIP no