TL;DR: sudo with the correct password failed repeatedly on my home server, but it suddenly started to succeed after a few minutes. Can this behavior be explained without assuming the existence of an attacker who has the root privilege?
This morning, I read The xz package has been backdoored - Arch Linux News, which strongly advises the users who use xz 5.6.0-1 or xz 5.6.1-1 to upgrade their systems.
After that, I opened my laptop to connect to my Arch Linux server in my home, which is also publicly accessible via a private key, via SSH and executed sudo pacman -Sy to prepare for upgrading my system. I was prompted for the user's password, so I typed the correct one. However, all three attempts failed:

    $ sudo pacman -Sy
    [sudo] password for user:
    Sorry, try again.
    [sudo] password for user:
    Sorry, try again.
    [sudo] password for user:
    sudo: 3 incorrect password attempts

Then, just in case, I configured my router to disable port forwarding, making my server inaccessible from outside the LAN. (Only I can connect to the server now.)
After that, I repeatedly tried sudo many times while confirming I didn't enable CAPS_LOCK etc. I also tried to connect to the server from an iPhone and execute sudo. All of the attempts failed. This was EXTREMELY strange as I connect to the server every day; the possibility that I typed incorrect passwords for every attempt is very low.

A few minutes later, sudo suddenly started to succeed (with the same password).
Can this behavior be explained without assuming the existence of an attacker who has the root privilege?