If someone gets access to my account, they won't have any trouble stealing my password and getting into my remote machines anyway. What's worse is ssh-agent can make you less not more secure. It forwards a connection to each machine you log into; anyone with root privileges on these machines can access your private keys.
Tuesday, August 21, 2007
Dave Dribin insists you must use ssh-agent and pass phrases for private keys, just in case someone gets access to your account, the assumption being that someone won't be able to access your remote machines because they don't know your password.