Asked Thu, May 13, 2021, 10:08:46 / answers: 1 / hits: 732

Is there any way to stop SSH logins without confirmation? When anyone wants to log in to my computer, I am prompted by ssh to confirm the login before it is successful.



In our university lab, all computers have common usernames and passwords so that anyone, students mainly, can access the computers. I need a way for ssh to prevent logins until I confirm.



Similarly, is there a log file I can use so that I know if anyone is accessing my computer?



 Answers
1

SSH was not designed for such on-demand access. However, if shell access (or file transfer) is the only thing you have to worry about, you have to restrict the possibilities for SSH and add a script that does not launch a shell unless you allow it.



For the SSH limiting part, I took a part of How to create a restricted SSH user for port forwarding?. Edit /etc/ssh/sshd_config and add:



Match user your-username
    AllowAgentForwarding no
    ForceCommand ~/bin/ssh-confirm


Create the executable ~/bin/ssh-confirm (mode 755): a script/program in the language of your choice that requires you to confirm before dropping into an SSH shell, e.g.:



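#!/bin/bash
# The grant file is tied to this script's own PID ($$)
confirmfile="$HOME/allow-ssh-for-pid-$$"
# Refuse to start if a file for this PID is already present (stale grant)
if [ -f "$confirmfile" ]; then
    echo "Old confirmation file found for the SSH session, exiting!"
    exit 1
fi
# wait for a grant for 30 seconds before giving up
for ((i=0; i<30; i++)); do
    if [ -f "$confirmfile" ]; then
        # grant received: consume it and hand over to the user's shell
        rm "$confirmfile"
        exec "$SHELL"
    fi
    sleep 1
done
echo "SSH access timed out."
exit 1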


This would require you to create the file "allow-ssh-for-pid-$$" where $$ is the PID of the script executed from SSH. You can use ps, pidof, etc. for determining the PID. Of course, it could be more sophisticated, like alerting you through notify, but I'll assume that people will give you a ring if they try to access you.



Also, I assume you trust the people you grant SSH access. If not, create a separate user (without sudo permissions of course ;) ) and store the ssh-confirm in a place like /usr/local/bin and store access tokens somewhere else.



SSH login attempts (and logouts) are logged to /var/log/auth.log. Run w to get a list of logged-in users (note: you'll get multiple entries for terminals you open on your machine, pay attention to the FROM column).


[#43015] Friday, May 14, 2021
iriousutur
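
The owner's side of the confirmation step described in the answer, as an added example that is not part of the original answer: it finds waiting ssh-confirm processes in ps output and creates the grant file for one of them. The helper's function names, its "list" argument and the optional directory parameter are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: owner-side helper for the ssh-confirm wrapper above.
# Assumptions: the wrapper is named "ssh-confirm" and polls for
# <dir>/allow-ssh-for-pid-<PID>, exactly as in the answer's script.

# Read "PID ARGS..." lines (ps -o pid=,args= format) on stdin and print the
# PIDs of waiting wrappers. Lines containing " -c " are skipped: that is the
# login shell sshd starts for ForceCommand, whose PID is not the wrapper's $$.
pending_pids() {
    awk '$0 !~ / -c / && $NF ~ /(^|\/)ssh-confirm$/ { print $1 }'
}

# Create the grant file for one PID. Returns non-zero if the argument is not
# a plain number or if the file (or a symlink of that name) already exists.
grant() {
    pid=$1
    dir=${2:-$HOME}
    case $pid in
        ''|*[!0-9]*) echo "not a PID: $pid" >&2; return 2 ;;
    esac
    # noclobber makes the redirection fail rather than reuse an existing path
    ( umask 077; set -C; : > "$dir/allow-ssh-for-pid-$pid" ) 2>/dev/null
}

case ${1:-} in
    "")   : ;;   # no argument: only define the functions
    list) ps -u "$(id -un)" -o pid=,args= | pending_pids ;;
    *)    grant "$1" && echo "granted SSH session for PID $1" ;;
esac
```

Run it with "list" to see the PIDs that are waiting, then with one of those PIDs to let that session through within the wrapper's 30-second window.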