Could you run
sudo -s
id
And post the output? I want to see if it's actually making you the user you think.
Also, try
sudo cat /etc/sudoers
The output of id here is quite enlightening. When you ran sudo -s, you were given a UID of 1, while the only UID that the kernel will recognize as having root privileges is UID 0.
Try running
getent passwd | grep ':0:'
and see if any entries have that 0 in their first numeric field, the UID. Whatever account that is is the real superuser on the system, while root is a fake. Once you know the name, you can try
sudo -s -u username
to get a shell as that user.
You should also post the output of
getent passwd root
The bigger issue here is how such a condition came to pass.
Is this machine offering any network services? If so, someone may have broken into it and taken it over. In that case, you should probably back up the data, do a clean re-install, and audit anything that goes back on it.
If it's more of a personal machine, might there be a knowledgeable prankster who's had access to it recently?
Edit: your comment to another answer suggests that this is a server. I would highly recommend taking it offline ASAP and imaging its disks for forensic purposes. Unless you can identify a benign cause for this in short order, you've probably had your server cracked.
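The check this answer does by hand with getent passwd | grep ':0:' can be scripted so that it tests only the UID field (a GID of 0 also matches that grep) and flags a root entry whose UID is not 0. This is an added example, not part of the original answer; audit_uid0 and sample_passwd are hypothetical names, and the sample entries, including the account name sysadm, are constructed.

```shell
#!/bin/sh
# Added example: audit passwd-format lines (name:pw:UID:GID:gecos:home:shell)
# read from stdin. Prints one finding per line; returns 1 if any were found.
audit_uid0() {
    awk -F: '
        NF == 0 { next }                          # skip blank lines
        NF < 7  { printf "MALFORMED line %d\n", NR; bad = 1; next }
        $1 == "root" {
            seen_root = 1
            if ($3 !~ /^0+$/) {                   # root must map to UID 0
                printf "ROOT_NOT_UID0 root has UID %s\n", $3; bad = 1
            }
            next
        }
        $3 ~ /^0+$/ {                             # UID 0 under any other name
            printf "EXTRA_UID0 %s shell=%s\n", $1, $7; bad = 1
        }
        END {
            if (!seen_root) { print "ROOT_MISSING no entry named root"; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample mirroring the situation in the answer: root has UID 1
# and a differently named account (hypothetical name) holds UID 0.
sample_passwd() {
    cat <<'EOF'
root:x:1:1:root:/root:/bin/bash
daemon:x:2:2:daemon:/usr/sbin:/usr/sbin/nologin
sysadm:x:0:0:constructed example account:/home/sysadm:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample_passwd | audit_uid0 || echo "findings above need investigation"
```

On a live system, feed it getent passwd; when working from a disk image, feed it the image's etc/passwd so the result does not depend on binaries from the suspect machine.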
As you mentioned, the environment variables are removed by sudo, for security reasons.
But fortunately sudo is quite configurable: you can tell it precisely which environment variables you want to keep thanks to the env_keep configuration option in /etc/sudoers.
For agent forwarding, you need to keep the SSH_AUTH_SOCK environment variable. To do so, simply edit your /etc/sudoers configuration file (always using visudo) and set the env_keep option for the appropriate users. If you want this option to be set for all users, use the Defaults line like this:
Defaults env_keep+=SSH_AUTH_SOCK
See man sudoers for more details.
You should now be able to do something like this (provided user1's public key is present in ~/.ssh/authorized_keys in user1@serverA and user2@serverB, and serverA's /etc/sudoers file is set up as indicated above):
user1@mymachine> eval `ssh-agent` # starts ssh-agent
user1@mymachine> ssh-add # add user1's key to agent (requires pwd)
user1@mymachine> ssh -A serverA # no pwd required + agent forwarding activated
user1@serverA> sudo su - user2 # sudo keeps agent forwarding active :-)
user2@serverA> ssh serverB # goto user2@serverB w/o typing pwd again...
user2@serverB> # ...because forwarding still works
Best Answer
I find that getting the quoting correct is pretty annoying. Instead I tend to just pass commands to bash on the remote host through a pipe instead. This way you don't have to worry about getting the escaping right in your ssh command line. Just pass into the pipe exactly what you would type if you were connected interactively.
Which returns