One option I would like but is not apparently currently implemented would be one that insists on particular host keys. You probably only want access to serious bastion hosts from a few hosts. Stealing a host private key would normally require at least root access.
If you can run arbitrary code as me you can probably extract ssh private keys from the memory of the ssh agent process. If you want extra security then it would be possible to implement a scheme involving a SMS message which contains information required to log in.
Where I live receiving a mobile call or text message is free.