Non-interactive login is relatively easy to set up in large networks. Generally no end-user action is needed.

Users do not have direct access to the private key.

In host-based authentication with certificates, it is possible to further limit user authorization based on host certificate contents.

Can be used together with other forms of authentication.

Trust is placed on the administration of the client host. Server relies on the integrity of the user account management on the client host.

Should only be used if the client host is administered by the same organization as the server host.