Hi Jeff,
we were faced with a similar wish because we Unix admins share a common login account with RSA key authorization from which we su into the root account on a remote host.
The workaround I suggested then was based on the fact that the format of the authorized_keys file (as described in man sshd) allows for each key therein to be prepended by a comma separated list of options,
of which one is called "environment", and which may appear repeatedly.
This then would enable any admin user to place in his RSA public key file some environment variable such as e.g.
environment="SAADM_USER=jeff" 1024 35 121343091Ã 88297...
The admins' real user's public key should be distributed via cronjob script from your central admin login server to all the hosts they require access to, and appended to the ~saadm/.ssh/authorized_keys on each host.
However, to make the remote hosts' sshd processes honour user defined environment variables you must set PermitUserEnvironment to yes in the /etc/ssh/sshd_config file of those hosts and send their sshd a SIGHUP.
But beware, and read the warning in man sshd_config about possible perils with library preloading exploits if this per default disabled feature is enabled (see below)
Then to make use of the propagated admin's identity you could fiddle some rc script which would refer to SAADM_USER and which you place in ~saadm/.ssh/rc (read man sshd).
It must be said that this is no enforced security and can easily be subverted by the admin users.
It is only meant as one possible way to track the user's origin within a trusted community of admin peers.
PermitUserEnvironment
Specifies whether ~/.ssh/environment and environment= options in
~/.ssh/authorized_keys are processed by sshd. The default is "no".
Enabling environment processing may enable users to bypass access
restrictions in some configurations using mechanisms such as
LD_PRELOAD.
Madness, thy name is system administration
