When considering this problem, don't overlook the possibility that you can change the remote system so that it authenticates logins using a centrally-managed data source, e.g.
LDAP.[/i] (Or even, if you like, from a Windows domain-controller.)
(LDAP is what Microsoft calls "Open Directory.")
In other words, instead of
crufting a way to manage the user-table of a remote system from a distance, as you now are contemplating, you arrange for the remote system to not
use its own password-table to authenticate logins. Instead, it issues the request to a common repository. Now, users can log in to the remote system (if permitted to do so) using the same common login-identifiers they use already use elsewhere.
Linux really does "play well with others."