Linux: set up for remote sysadmin

Solution 1:

The only thing that comes to mind would be to add --expiredate to the adduser call.
With that the customer knows that your access will automatically expire at a fixed date.

He still needs to trust you as you have root access and still could remove the expire flag.

Solution 2:

You can record your sessions with the script(1) utility.

$ script session.log
Script started, file is session.log
$ ls
file1  session.log
exit
Script done, file is session.log

then everything is in session.log.

Solution 3:

Since you are already logging in with an SSH public key, it would tighten things up a little if you didn't supply a password hash; instead tell them to use adduser --disabled-password (equivalently, useradd -p '!', I think), which is effectively equivalent to PasswordAuthentication no for that account, plus there is no chance someone snooping on your email could brute-force the password hash and log in as you.

Solution 4:

Why provide a password at all, when you are going to use public/private keys.

Public keys are meant to be shared, so this is what you should use to securily exchange credentials, not hashed passwords.

sudo useradd --disabled-password hbruijn

When sending your public key, verify the fingerprint over a second channel, like a phone call, so you know nobody altered it on it's way in.

Since you won't have a password now to use sudo, you need to also alter your line in the sudoers file to

hbruijn ALL=(ALL) NOPASSWD:ALL

If you're not comfortable with having no password for sudo, and really want a password, there still is no need for you to send your hashed password, let the account be created without password, set your public key, and once your account is set up you can log in over ssh and run passwd to set your own password.