Maybe not everyone knows, but modern gdm/gnome combo automagically
allows you to have password protected key and avoid (re)entering that
password at the same time. It seems that ssh-agent is started as part
of gnome session and it reuses password you enter at login prompt.
I'm not sure if it's ok that all session programs (including
potentially less safe things, like browser) have access to unlocked