You can even get the same usage model very easy by doing what a lot of companies do by throwing up a 'jumpbox' that all users log in to. They then log into whichever server they need from that session. You can do both PAM based, and network based ACL's and it's fairly easy to manage through sudo etc.
The proper (security-wise) way to use jumpbox is to ask it to build a tunnel between your local machine and remote host you want to SSH into - then connect over that tunnel. That is, unless you ultimately trust the jumphost or have no interest in security besides the basics necessary to shoo away passive attackers.