What other fucking form of authentication is there? Certs? Those are just strings - like a password. Encrypted certs? What are you encrypting them with?
It all comes down to a secret someone has too know. Call it a key, a cert, a token, whatever, it's a fucking password at the end of the day.
If your auth'ing with a username / password on an infected server you're actually *sending* your credentials to the server. This is not he case wih a cert auth, especially when you use ssh-agent to hop to other servers.
This is the theory that Jack built. This is the flaw that lay in the theory that Jack built. This is the palpable verbal haze that hid the flaw that lay in...