How to grant temporary access to server?

You can let him connect with a regular account and then monitor his SSH session. The screen based solution is the best in my opinion and will let you do "pair" system administration. For example he could type the sudo commands and you would type the password in case it's needed.

P.S. If you use screen it doesn't mean you shouldn't also use sudosh2 or other solutions.


Instead of granting him the root password, use sudo.

If you want to see everything he is doing in realtime as superuser, check out sudosh2. From the docs:

sudosh is an auditing shell filter and can be used as a login shell. Sudosh records all keystrokes and output and can play back the session as just like a VCR.

"All keystrokes" includes keystrokes from backspaces, delete characters, BASH's 'erase word', etc. You can watch someone's embarrassing typos and corrections, etc.

sudosh will support syslog, and you could send the logs to a remote syslog sever. This would ensure that the user could not the erase all copies of the audit logs.

Note that the original project sudosh (the first version) has been abandoned by it's author. sudosh2 is alive and well.