It's also relatively trivial to set something up like this as SSH server supports auth delegation using PAM, and PAM can be configured with a single line using pam_succeed_if.so to disable auth only for a certain user.
SSH, once you (verify and) accept the first key exchange cannot be tampered with in transit, nor have the contents viewed by those sitting in-between.
However, I believe everyone's stdout/stderr is available to everyone, if everyone is the same user, and if that user has read access to /proc, so that confidentiality is only restricted those who access to the server.