Modify OpenSSH sshd and pidentd so that port-forwarded connections can be identified correctly.
The cheap-and-simple way would be to simply have a file somewhere with a uid for each possible port, and get sshd to update it and pidentd to read it (doing appropriate locking).
cs-sysadmin have implemented this precisely this way.