The "transit username" (my slang, sorry) is *also* a user on the remote
host. Sudoing on another host is always done by two steps:
- Connect to the remote host with a username who is allowed to receive a
remote connection, by whatever method (ssh, rsh, telnet, ...). This
user I call "transit user".
- Inside that remote session, apply "su" or "sudo", as you like, to the
remote user you want to work as.
So there are two different users "in use" on the remote machine. Maybe a
picture?
+-----------+ +------------+
| | ---> | transit@ |--+
| you@ | ssh +------------+ | sudo
| | | user@ |<-+
+-----------+ +------------+
localhost remotehost
In fact, this is needed only when the "remote user" cannot be accessed
via the method used in the first step; otherwise you could just go this
direct way.
Or, as you said, "when the transit username is the same as that of the
user on the remote machine", you just apply ssh to that user on the
remote host, and no sudo is needed at all.