> In the real world (a datacenter, for instance) systems can't be rebooted because of ssh-agent, with obvious security and maintenance consequences. There has to be a procedure that contains the passphrase in clear text, for obvious reasons.
All of my servers are in a data center. When they reboot, I (or another admin) log in and start the agent. Surely you thought this through and realized that?