
Server Keys
When using  the NX login,  the initial login  between  client and server
happens  through  a  DSA  key  pair - a couple  of  specially  generated
cryptographic keys,  called the private key  and  the  public key.  This
key pair  allow to establish  a secure connection  between clients  such
as NoMachine Player or NoMachine Web Player and NoMachine Server.

The public key is provided during the installation of the server,  while
the private key is distributed together with the NoMachine clients.
This grants  that each client  is able to authenticate to  the server by
using the  NX login  and  start the procedure  for authorizing  the user
and negotiating the session.

You may replace the default SSH keys with a new  DSA key-pair  generated
for the NX user.  In this case,  you need to distribute  the private key
to the NoMachine clients you want authenticated to the NoMachine server.


Creating Users
NoMachine  is configured  to allow access  from any system user  who has
been given  valid credentials  for the SSH login.  NoMachine provides an
alternative  authorization  method, allowing  system  administrators  to
determine which users are given access to the NoMachine functionalities.
This works by implementing  a separation between the system password and
the NoMachine password. When the use of NX Password database is enabled,
the user  must provide the NoMachine  credentials (instead of the system
credentials)  to start  a  session  on that  server.  In this way, it is
possible to forbid remote access to the system by any other means except
NoMachine.

To activate the NX user and password databases, manually edit the server
configuration file or use the NoMachine Server Manager web tool provided
with the NoMachine Server package.


Collaborative Sessions and Remote Desktop Sessions
Depending  on the  server type,  NoMachine  can support  sharing virtual
desktop sessions  as well as  accessing the desktop of the remote server
( remote desktop session ).  Default settings  allow to  connect virtual
sessions  and  remote desktops in  interactive mode  without needing the
owner's authorization.  You can then modify this behavior  by tuning the
configuration  of the  server according  to your needs,  for example, to
grant access  in  view-only mode  or require  the owner's  authorization
before connecting.
