How to grant temporary access to server?
Solution 1:
Instead of granting him the root password, use sudo.
If you want to see everything he is doing in realtime as superuser, check out sudosh2. From the docs:
sudosh is an auditing shell filter and can be used as a login shell. Sudosh records all keystrokes and output and can play back the session as just like a VCR.
"All keystrokes" includes keystrokes from backspaces, delete characters, BASH's 'erase word', etc. You can watch someone's embarrassing typos and corrections, etc.
sudosh will support syslog, and you could send the logs to a remote syslog sever. This would ensure that the user could not the erase all copies of the audit logs.
Note that the original project sudosh (the first version) has been abandoned by it's author. sudosh2 is alive and well.
Solution 2:
You can let him connect with a regular account and then monitor his SSH session. The screen based solution is the best in my opinion and will let you do "pair" system administration. For example he could type the sudo commands and you would type the password in case it's needed.
P.S. If you use screen it doesn't mean you shouldn't also use sudosh2 or other solutions.
Solution 3:
It really depends on what level of access you want to give him/her. I would never enable remote root logins in the first place. Only "normal" accounts should have remote access, then configure sudo for whatever that person needs.
Solution 4:
First, you should have clearly defined objectives for what you'd like him to do. Once those objectives are defined you can grant him the level of access required to achieve those objectives.
It's like dropping my car off at the repair shop and telling them to "fix it up". Next thing you know I've got a bill for thousands of dollars and they've done things I didn't want done and didn't ask for.