diff --git a/lib/gsocket-engine.c b/lib/gsocket-engine.c
index ff25f74..5755edd 100644
--- a/lib/gsocket-engine.c
+++ b/lib/gsocket-engine.c
@@ -166,16 +166,7 @@ gs_fds_out_rwfd(GS_SELECT_CTX *ctx)
 }
 
 void
-GS_library_init(FILE *err_fp, FILE *dout_fp, gs_cb_log_t func_log)
-{
-	if (gs_lib_init_called != 0)
-		return;
-	gs_lib_init_called = 1;
-	gs_errfp = err_fp;
-#ifdef DEBUG
-	gs_dout = dout_fp;
-#endif
-
+gs_library_init_engine(void) {
 	/* Initialize SSL */
 #ifndef STEALTH
 	OpenSSL_add_all_algorithms();
@@ -183,6 +174,23 @@ GS_library_init(FILE *err_fp, FILE *dout_fp, gs_cb_log_t func_log)
 #endif
 
 	XASSERT(RAND_status() == 1, "RAND_status()");
+}
+
+// Allowed to be called multiple times to chance err_fp etc.
+void
+GS_library_init(FILE *err_fp, FILE *dout_fp, gs_cb_log_t func_log)
+{
+	gs_errfp = err_fp;
+#ifdef DEBUG
+	gs_dout = dout_fp;
+#endif
+	gs_func_log = func_log;
+	if (func_log == NULL)
+		XFREE(gs_log_info.msg);
+
+	if (gs_lib_init_called != 0)
+		return;
+	gs_lib_init_called = 1;
 
 	if (func_log != NULL)
 	{
@@ -190,13 +198,13 @@ GS_library_init(FILE *err_fp, FILE *dout_fp, gs_cb_log_t func_log)
 		XASSERT(gs_log_info.msg != NULL, "calloc: %s\n", strerror(errno));
 	}
 
-	gs_func_log = func_log;
+	gs_library_init_engine();
 }
 
 int
 GS_CTX_init(GS_CTX *ctx, fd_set *rfd, fd_set *wfd, fd_set *r, fd_set *w, struct timeval *tv_now)
 {
-	GS_library_init(NULL, NULL, NULL);
+	gs_library_init_engine();
 
 	memset(ctx, 0, sizeof *ctx);
 
diff --git a/lib/gsocket-engine.h b/lib/gsocket-engine.h
index 44041d1..7bbf4cf 100644
--- a/lib/gsocket-engine.h
+++ b/lib/gsocket-engine.h
@@ -11,6 +11,7 @@ int gs_srp_init(GS *gsocket);
 void gs_select_rw_save_state(GS_SELECT_CTX *ctx, int fd, char *idstr);
 void gs_select_rw_restore_state(GS_SELECT_CTX *ctx, int fd, char *idstr);
 void gs_select_set_rdata_pending(GS_SELECT_CTX *ctx, int fd, int len);
+void gs_library_init_engine(void);
 
 void gs_fds_out(fd_set *fdset, int max, char id);
 void gs_fds_out_rwfd(GS_SELECT_CTX *ctx);
diff --git a/lib/gsocket-util.c b/lib/gsocket-util.c
index 70db487..3bbbbb9 100644
--- a/lib/gsocket-util.c
+++ b/lib/gsocket-util.c
@@ -154,7 +154,7 @@ GS_gen_secret(void)
 {
 	int ret;
 
-	GS_library_init(stderr, stderr, NULL);
+	gs_library_init_engine();
 
 	// Generate random numbers
 	uint8_t buf[GS_SECRET_MAX_LEN];
diff --git a/tools/4_gs-netcat.c b/tools/4_gs-netcat.c
index 6186a14..b5861fc 100644
--- a/tools/4_gs-netcat.c
+++ b/tools/4_gs-netcat.c
@@ -1473,17 +1473,6 @@ cb_sigalarm(int sig)
 	exit(EX_ALARM);
 }
 
-static void
-try_quiet(void)
-{
-	if (!(gopt.flags & GSC_FL_OPT_QUIET))
-		return;
-
-	// gopt.log_fp might be NULL (no -L specified).
-	if (gopt.log_fp != gopt.err_fp)
-		gopt.err_fp = NULL;
-}
-
 static void
 config_check_print_exit(void) {
 	int callhome_min = 0;
@@ -1715,13 +1704,12 @@ my_getopt(int argc, char *argv[])
 		}
 	}
 
-	try_quiet();
-
 	if ((gopt.is_internal) && (gopt.flags & GSC_FL_OPT_WATCHDOG_INTERNAL))
 		gs_watchdog();
 
 	// init all (and ask for password if -s/-k missing)
 	init_vars();			/* from utils.c */
+	try_quiet();
 
 	// Check if Self-Watchdog triggered this execution. Wait or exit hard, if needed.
 	SWD_wait();
@@ -1744,7 +1732,6 @@ my_getopt(int argc, char *argv[])
 				snprintf(buf, sizeof buf, "%u-BAD-AUTH-CHECK-%s", getpid(), gopt.sec_str);
 				gopt.token_str = strdup(buf);
 			}
-			gopt.err_fp = gopt.log_fp;	// Errors to logfile or NULL
 
 			GS_daemonize();
 
@@ -1755,6 +1742,8 @@ my_getopt(int argc, char *argv[])
 	}
 
 	if (gopt.flags & GSC_FL_OPT_DAEMON) {
+		gopt.err_fp = gopt.log_fp;	// Errors to logfile or NULL
+
 		if (gopt.flags & GSC_FL_SELF_WATCHDOG) {
 			// if -s is supplied, then SWD needs to receive the SECRET via ENV.
 			if ((gopt.sec_str != NULL) && (gopt.flags & (GSC_FL_OPT_SEC | GSC_FL_OPT_SEC)))
diff --git a/tools/utils.c b/tools/utils.c
index d01dd58..2ff66ca 100644
--- a/tools/utils.c
+++ b/tools/utils.c
@@ -681,6 +681,21 @@ cb_gs_log(struct _gs_log_info *l)
 	fflush(fp);
 }
 
+void
+try_quiet(void)
+{
+	if (!(gopt.flags & GSC_FL_OPT_QUIET))
+		return;
+
+	// gopt.log_fp might be NULL (no -L specified).
+	if (gopt.log_fp != gopt.err_fp)
+		gopt.err_fp = NULL;
+	// Do not close stderr/stdin yet. GS_user_secret() after GS_lib_init() needs it
+	// to ask for -s secret.
+
+	GS_library_init(gopt.err_fp, /* Debug Output */ gopt.err_fp, cb_gs_log);
+}
+
 void
 init_vars(void)
 {
@@ -769,12 +784,17 @@ init_vars(void)
 	if (gopt.sec_str == NULL)
 		ERREXIT("%s\n", GS_CTX_strerror(&gopt.gs_ctx));
 
-	if (gopt.is_greetings) {
+	if ((gopt.is_greetings) || (gopt.flags & GSC_FL_OPT_G)) {
+		FILE *tmp = gopt.log_fp;
+		if (gopt.log_fp == NULL)
+			gopt.log_fp = gopt.err_fp;
 		GS_LOG("=Secret         : %s\n", gopt.sec_str);
-		if (gopt.gs_id_str)
-			GS_LOG("=ID             : %s\n", gopt.gs_id_str);
+		gopt.log_fp = tmp;
 	}
 
+	if ((gopt.is_greetings) && (gopt.gs_id_str))
+		GS_LOG("=ID             : %s\n", gopt.gs_id_str);
+
 	/* Convert a secret string to an address */
 	GS_ADDR_sec2addr(&gopt.gs_addr, gopt.sec_str, gopt.gs_id_str);
 
@@ -1075,7 +1095,7 @@ stty_reset(void)
 static const char esc_seq[] = "\r~.\r";
 static int esc_pos;
 /*
- * In nteractive mode/Client mode check if User typed '\n~.\n' escape
+ * In interactive mode/Client mode, check if User typed '\n~.\n' escape
  * sequence.
  */
 void
diff --git a/tools/utils.h b/tools/utils.h
index 1fc6078..ee73b52 100644
--- a/tools/utils.h
+++ b/tools/utils.h
@@ -34,6 +34,7 @@ void gs_watchdog(void);
 void tty_leader(int fd);
 void do_util_test_changecgroup(void);
 void open_logfile(const char *fn);
+void try_quiet(void);
 
 // #define VLOG(a...)	do{if (gopt.log_fp != NULL){ fprintf(gopt.log_fp, a); fflush(gopt.log_fp); } }while(0)