So you can do that by creating a new docker based shell for the user

Creating the user

First we create the user using below command

sudo useradd --create-home --shell /usr/local/bin/dockershell tarun 
echo "tarun:tarunpass" | sudo chpasswd
sudo usermod -aG docker tarun

Creating the shell

Next create a shell file /usr/local/bin/dockershell

#!/bin/bash

docker run -it --rm ubuntu:latest /bin/bash

And then chmod +x /usr/local/bin/dockershell. Now you can ssh to your vm with the new user

$ ssh tarun@vm
tarun@vm's password:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-66-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.


Last login: Sun Oct  1 06:50:06 2017 from 192.168.33.1
Starting shell for tarun
root@79c12f002708:/#

This takes me to the docker container and no session changes are saved. If you want to secure it even more, you should be user namespace remapping

https://success.docker.com/KBase/Introduction_to_User_Namespaces_in_Docker_Engine

when they exit anything they did isn't saved

That is because the writable layer of a container is discarded when the container stops.

You should make sure your container is run with a bind mount or (better) a volume: that way, the modification done during the ssh, if done in the right (mounted) path, would persists.