For anyone wondering about the utility: So this works on the machine that hosts ssh-agent, but obviously not on the machine you forward your agent to. It's my understanding that your key never leaves your initial machine, so that's good.<p>The situation where this would work is if your primary machine were compromised with a root kit or privilege escalation. They would own your box, but actually your ssh key would be somewhat safe because it's stored encrypted at rest (assuming you set a password).<p>What this does is pull your key out of memory that has been decrypted and reencrypted (in an easily reversible way it seems). The attacker can then log into all remote systems as you by taking a peek at your known hosts file.