Starting from version 9, NoMachine no longer ships its built-in SSH server (nxsshd) and client (nxssh) with the relative tools for key-based authentication with SSH agent and/or authentication forwarding. These components, based on an old version of OpenSSH (openssh-5.9p1), now obsolete, were conceived to permit SSH support at the time Windows was not providing it. This is no longer needed since recent Windows versions already come with OpenSSH included or allow to install it.

Server side
Pre-requisite is to have OpenSSH server installed on the remote Windows.
If OpenSSH server uses a non-default path for administrators_authorized_keys, see instructions in the related section below.

Client side
NoMachine packages for Windows include libssh2, which is a a client-side C library implementing the SSH2 protocol (see http://www.libssh2.org/  for more information). Connections by SSH protocol work out-of-the-box except in some specific cases when:

1. Using key-based authentication with a key you provide + Forward authentication (key forwarding)
2. Using key-based authentication with a SSH agent (with or without Forward authentication)
3. Using key-based authentication with a PKCS11 smart card + Forward authentication

With the authentication methods above it's necessary to install the OpenSSH client on the user's computer (see paragraphs below). If OpenSSH client is not installed, the NoMachine client raises an error. The same occurs if the SSH agent is not up and running. See section 'Troubleshooting' for that.  

1. Pre-requisites to install OpenSSH
Minimum OS requirement to install automatically OpenSSH as a Windows service is Windows Server 2019 and later, or Windows 10 build 1809 and later. (Ref. https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh-overview).

As an alternative or if you're using an older version of Windows, you can download and install OpenSSH by yourself https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH. The minimum requirement in this case is Windows 7.

2. How to install the OpenSSH server and/or the OpenSSH client as a service

Depending on the Windows version, it's possible that the OpenSSH server and/or client is already installed, but not enabled. You can check that from the Open Apps & features → Optional features panel. 

To install: 

1) Open Apps & features → Optional features → Add a feature and check 'OpenSSH Server' and 'OpenSSH Client'

4.How to configure NoMachine server for a non-default path to the administrators_authorized_keys file
NoMachine works out-of-the-box with the default configuration of OpenSSH server on the system. If the OpenSSH server uses a non-default path to administrators_authorized_keys on the system, it's necessary to configure the NoMachine server accordingly. Instructions are below.

The OpenSSH server for Windows has two different files where the public SSH key for authentication is stored: one file is for standard users (C:\Users\username\.ssh\authorized_keys), while the other file is specific for administrative users (C:\ProgramData\ssh\administrators_authorized_keys).

NoMachine creates on the system the 'nx' account used for internal handling of the program's operation and which requires administrative privileges. Given that the 'nx user' is administrator, it's necessary that NoMachine uses the administrators_authorized_keys file for storing the public keys necessary for authentication (for example when the Windows host has to be added as a node of a Cloud Server). 

The path to the administrators_authorized_keys file is defined in the following key in the NoMachine server configuration file, $(PROGRAMFILES)\NoMachine\etc\server.cfg:

SSHAdminsAuthorizedKeys $(PROGRAMDATA)/ssh/administrators_authorized_keys

This setting works out-of-the-box with the default configuration of OpenSSH on the system.

If the administrator changes the path to administrators_authorized_keys on the system, it's also necessary to change the NoMachine SSHAdminsAuthorizedKeys to the same path. Vice-versa, changing SSHAdminsAuthorizedKeys requires configuring the same path on the system.

Path to administrators_authorized_keys is defined in $(PROGRAMDATA)/ssh/sshd_config:
 
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
# AuthorizedKeysFile      .ssh/authorized_keys

Match Group administrators
       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
 

5. Troubleshooting 

1) NoMachine client reports:
Error: could not find the ssh agent for key forwarding

Solution
Install OpenSSH client on the connecting user's computer.

2) NoMachine client reports:
Error: could not start the ssh agent for key forwarding, please verify that the OpenSSH Authentication Agent service is running

Solution
Open the Run box by Windows + R.
Type: services.msc
Look for OpenSSH Authentication Agent service.
Verify that the service is running and if needed, change the Startup type accordingly to your needs.

As an alternative, you can do commands in powerShell:
2.1) Check status of the ssh-agent 
Get-Service ssh-agent | Select StartType

2.2) If command above returns 'disabled', change status by executing:
Get-Service -Name ssh-agent | Set-Service -StartupType Manual

3) Solving "The connection with the server was lost" when connecting to Windows with OpenSSH server v8.6
https://kb.nomachine.com/AR05V01231