ssh-agent (cont)

Goodies:
- Key is protected on disk - can't be stolen by root.
- Agent 'follows you': env variables are passed to child processes.
- Agent can be forwarded over SSH connections (ssh -A).
- Unrelated processes can use the same agent by setting the appropriate env variables.

Problems:
- Unix file perms are used to protect the socket.
  - root@localhost can connect to your agent.
- Agent forwarding opens ssh-agent to any machines to which you ssh.
- Having multiple unrelated processes use the same agent requires discovering the env variables.
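Because Unix file permissions are the only thing protecting the agent socket, it is worth checking what they actually allow. The following is an added example, not part of the original slides: `audit_agent_socket` and `demo` are hypothetical names, and the socket in `demo` is constructed in a temporary directory rather than belonging to a real agent.

```python
import os
import socket
import stat
import tempfile


def audit_agent_socket(sock_path, expected_uid=None):
    """Return findings for an agent socket; an empty list means owner-only access.

    root bypasses these permission bits entirely, so a clean result says
    nothing about root on the same machine.
    """
    uid = os.getuid() if expected_uid is None else expected_uid
    if not sock_path:
        return ["SSH_AUTH_SOCK is not set"]
    real = os.path.realpath(sock_path)  # follow symlinks to the actual socket
    try:
        st = os.stat(real)
    except OSError as exc:
        return [f"cannot stat {sock_path}: {exc.strerror}"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{sock_path} is not a Unix socket"]
    findings = []
    # Check the socket and its directory: some systems ignore the socket's
    # own mode, so the containing directory has to be private as well.
    parent = os.stat(os.path.dirname(real))
    for label, info in (("socket", st), ("directory", parent)):
        if info.st_uid != uid:
            findings.append(f"{label} owned by uid {info.st_uid}, expected {uid}")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(info.st_mode)
            findings.append(f"{label} mode {mode:04o} allows group/other access")
    return findings


def demo():
    """Audit a constructed socket (not a real agent) before and after loosening it."""
    with tempfile.TemporaryDirectory() as tmp:  # created with mode 0700
        path = os.path.join(tmp, "agent.sock")
        with socket.socket(socket.AF_UNIX) as srv:
            srv.bind(path)
            os.chmod(path, 0o600)
            private = audit_agent_socket(path)
            os.chmod(path, 0o666)
            os.chmod(tmp, 0o755)
            exposed = audit_agent_socket(path)
    return private, exposed


if __name__ == "__main__":
    # Audit the agent this shell actually inherited through its environment.
    for line in audit_agent_socket(os.environ.get("SSH_AUTH_SOCK")) or ["agent socket is owner-only"]:
        print(line)
```

Run on a host you reached with `ssh -A`, the same check audits the forwarded socket on that machine.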