[xandrius]

With all these recent exploits, I wouldn't even be 100% sure of that.

[wolletd]

But if I can't trust even that host, I also can't trust the host I'm working on and which doesn't need agent forwarding to access my SSH agent.

[hot_gril]

Trusting one host is safer than trusting two hosts.

[jethro_tell]

This is where certs are nice, sign one every morning with a 8/12 hour TTL

[quibuss]

Interesting idea. Does need some automation though to make it practical irl.