How to grant temporary access to server?

linux ubuntu guest

You can let him connect with a regular account and then monitor his SSH session. The screen based solution is the best in my opinion and will let you do "pair" system administration. For example he could type the sudo commands and you would type the password in case it's needed.

P.S. If you use screen it doesn't mean you shouldn't also use sudosh2 or other solutions.


Instead of granting him the root password, use sudo.

If you want to see everything he is doing in realtime as superuser, check out sudosh2. From the docs:

sudosh is an auditing shell filter and can be used as a login shell. Sudosh records all keystrokes and output and can play back the session as just like a VCR.

"All keystrokes" includes keystrokes from backspaces, delete characters, BASH's 'erase word', etc. You can watch someone's embarrassing typos and corrections, etc.

sudosh will support syslog, and you could send the logs to a remote syslog sever. This would ensure that the user could not the erase all copies of the audit logs.

Note that the original project sudosh (the first version) has been abandoned by it's author. sudosh2 is alive and well.

Related

Setting up a transparent SSL proxy
How to remove or uninstall an orphaned service?
Can I use the same wildcard certification for *.domain.com and domain.com
Examples of falsified (or currently open) longstanding conjectures leading to large bodies of incorrect results.
Difference between "for any" and "for all"?
Could these polynomials be identified?
Are Clifford algebras and differential forms equivalent frameworks for differential geometry?
LU Decomposition vs. Cholesky Decomposition
How to create mazes on the hyperbolic plane?
What is the difference between natural cubic spline, Hermite spline, Bézier spline and B-spline?
history of the double root solution of $ay''+by'+cy=0$
What is a closed form of $\int_0^1\ln(-\ln x)\ \text{li}\ x\ dx$