Non-interactive login is relatively easy to set up in large networks. Generally no end-user action is needed.
Users do not have direct access to the private key.
In host-based authentication with certificates, it is possible to further limit user authorization based on host certificate contents.
Can be used together with other forms of authentication.
What to read next:
Reduce Secure Shell risk. Get to know the NIST 7966.
The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
ISACA Practitioner Guide for SSH
With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.