sudosh is a filter and can be used as a login shell. sudosh takes advantage of pty devices in order to sit between the user’s keyboard and a program, in this case a shell.
sudosh was designed specifically to be used in conjunction with sudo or by itself as a login shell. sudosh allows the execution of a root or user shell with logging. Every command the user types within the root shell is logged as well as the output.
This is different from “sudo -s” or “sudo /bin/sh” because when you use one of these or a similar method instead of sudosh to start a new shell then this new shell does not log commands typed in the new shell to syslog, only the fact that a new shell started is logged.
If this newly started shell supports commandline history then you can still find the commands called in the shell in a file such as .sh_history but if you use a shell such as csh that does not support command-line logging you are out of luck.
sudosh fills this gap. No matter what shell you use, all of the command lines are logged to syslog (including vi keystrokes.)
Sudosh records all keystrokes and output and can play back the session as just like a VCR using sudosh-replay.