I often use tmate [1] to do this, as it simplifies some of the fiddly bits and allows granting another user temporary access without granting them credentials (eg ssh key or username/password).
I'd be keen to hear why tmate isn't a good idea in terms of security.
As I understand it, the use of tmate is not so different from physically sitting next to a colleague and both of you taking the hot-seat with the computer.
Is the vulnerability around sending a shell to tmate.io? If so, I believe there is also an option to host the software on your own server.
You don’t see the difference between: 1) allowing anyone on the Internet to use an ssh shell on an internal server that’s protected by authentication and firewalls, vs 2) someone you know, who has already been granted physical access to your location, and likely already has a security clearance as well as undergone interviews, training, and other security checks?