This is pretty obvious; the while <i>purpose</i> of ssh-agent is to do this. Once you have access to the user account of whoever is running any software that does any kind of crypto (or in some cases root, depending on kernel hardening settings re: debugging/ptrace), you can always get the keys.<p>Those concerned about this attack vector should use hardware tokens, like a YubiKey. They aren't infallible, as they could be stolen while unlocked with some USB trickery to keep them active, but it beats being able to trivially dump the key material.
An earlier entry (<a href="https://news.ycombinator.com/item?id=24768220" rel="nofollow">https://news.ycombinator.com/item?id=24768220</a>) to a Windows 10 specific blog post linked to this blog post from 2014 which appears to have never been posted here. So I did so.