OS Arch Linux

Захожу по ssh с помощью ключа

# sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Потом делаю:

# su <user>
$ sudo su root
Password:
Sorry, try again.
Password:
#

C новым паролем не пущает
Со старым - пущает

Пытаюсь под другим юзером [user2] зайти рутом:

Jun 30 14:21:53 market su: pam_unix(su:session): session opened for user user2 by root(uid=0)
Jun 30 14:22:06 market sudo: pam_unix(sudo:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/8 ruser=user2 rhost=market.com  user=user2
Jun 30 14:22:17 market sudo: pam_unix(sudo:auth): conversation failed
Jun 30 14:22:17 market sudo: pam_unix(sudo:auth): auth could not identify password for [user2]
Jun 30 14:22:17 market sudo:   user2 : pam_authenticate: Conversation error ; TTY=pts/8 ; PWD=/root ; USER=root ; COMMAND=/bin/su root

# sudo -l
User root may run the following commands on this host:
    (ALL) ALL
    (ALL) ALL
    (root) NOPASSWD: /etc/rc.d/nginx reload

# cat /etc/pam.d/su
#%PAM-1.0
auth            sufficient      pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth           sufficient      pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth           required        pam_wheel.so use_uid
auth            required        pam_unix.so
account         required        pam_unix.so
session         required        pam_unix.so

# cat /etc/pam.d/sudo
#%PAM-1.0
auth            required        pam_unix.so
auth            required        pam_nologin.so