Playing around with PAM modules lately, I have discovered libpam-ssh and pam-keyring. Both require some mucking about in /etc/pam.d/, but provide some worthwhile benefits.

libpam-ssh provides automatic spawning of ssh-agent, and populating ssh keys as required. This is handier than the keychain package as you do not have to enter passwords for each key, or even at all other than the initial login. The downside, of course, is that your ssh key passphrases must be the same as your system password.

pam-keyring does the same thing for gnome's keyring. Very handy if you use Network Manager for wifi.

Later on, I plan to look at using pam-encfs to encrypt either all (or portions if all is not feasible) of my home directory without requiring further password entry during login or boot.