The nxssh 3.5.0 client is based on the latest stable version distributed by the OpenSSH project at the time of the last 3.5.0 release.

This has enabled old and unpatched Unix machines to be up to date with the security improvements that have occurred in OpenSSH development. Additionally, nxssh may use the OpenSSL libraries that are installed in the system, so upgrading the system's OpenSSL package results in the same fixes being propagated to NX.

Using its own version of the SSH client had multiple advantages. Usage patterns that are to be used in the context of NX have been hard-coded and all the functionalities of SSH that were not required to run NX sessions were stripped giving a leaner, more secure code. By shipping the required libraries, NX also greatly reduced the dependencies on the target platform.

However with NX 3.5.0 it is not possible to use ssh and nxssh interchangeably. As a note, NX 3.5.0 still supports nxproxy running as a separate process, to keep compatibility with users that are upgrading a single ssh client or third-party projects that use only some the NX core components.

It should also be noted that the SSH client is a user-space application not requiring any special privileges to run (unlike the X server). This keeps it's capability for compromising the system quite low. If users are only relying on nxssh to run NX sessions (the preferred method for most NX users), the weakest security link is most certainly the X server and to a minor extent, the nxcomp library, but NOT the nxssh client code.

The nxssh component has been removed on Linux and Mac OS X since NoMachine version 4, the new NoMachine client is now able to work either with the libssh2 program shipped with the installation package (this is the default) or with any compatible SSH client. Installations on Windows still provide an SSH client (named nxssh but completely different from nxssh version 3.5.0 or earlier versions). For more information please read here: https://www.nomachine.com/AR09L00813