Anyone changing your login password without knowledge of it (via an OS X installation disc) won’t automatically change the keychain password, leaving your SSH key passwords as owned by the likes of SSHKeychain secure.

SSH keys without passwords, like pure-password logins, provide single-factor security. SSH keys with passwords provide two-factor security. When you’ve only got a single factor, better it’s something you know (like a password) than something you have (like a tiny file living in your home directory that anyone can copy). Most people should use both.

This is how I recommend people to setup SSH, also to disable SSH password completely by setting “PasswordAuthentication” to no in /etc/sshd/sshd-config. This gives you proof-of-possession - no one can connect unless they have an authorized private key file on their computer.

Passwords on the private key are generally a waste of time. If you use sshkeychain (”All key passphrases can be stored, and you can use all your keys just by unlocking the Keychain”) you have gained NOTHING in terms of security - the keys are still accessible to anyone who logs in the account, same as if you didn’t use a password. The only ones who can access the private key without logging in the account are the admins, and… guess what?… they can change your login password too (and thus automatically unlock the keychain).