It said (and has always said) in the first sentence that I intended it to be a reference. I mention in the comments how I've updated the post and given credit to each person that's sent in suggestions/changes either through the site comments or via email.
I didn't "embarrassingly forget how SSH does its thing" -- I still believe the listed attack, now generalized to network services, would be successful in many cases (to deny this is to deny that anyone would click on malicious links or open suspicious attachments, would visit websites that give SSL certificate errors, etc). The only thing that changed was I moved those specific entries into their own section since the immediate example of sshd gives a warning on connect, so listing it wasn't fair. When I first posted the article, it was only 15/35 -- so what's your point? I shouldn't be accurate?
As the PaX Team and I both mentioned already, in the real world, attackers *do not care* if it takes a few minutes or a few days. I assure you they can speed up that process as well (i.e. they don't have to wait for you to feel like connecting on your own). If you had an imagination, you'd be able to figure this out, but it's not common among armchair experts.