From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4778 invoked by alias); 16 Feb 2014 06:04:05 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 4765 invoked by uid 89); 16 Feb 2014 06:04:04 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.3 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-HELO: vms173023pub.verizon.net Received: from vms173023pub.verizon.net (HELO vms173023pub.verizon.net) (206.46.173.23) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sun, 16 Feb 2014 06:04:03 +0000 Received: from [192.168.1.231] ([unknown] [74.104.179.122]) by vms173023.mailsrvcs.net (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009)) with ESMTPA id <0N1200IV4RIJOEJ0@vms173023.mailsrvcs.net> for cygwin@cygwin.com; Sun, 16 Feb 2014 00:04:02 -0600 (CST) Message-id: <530054CC.9050405@cygwin.com> Date: Sun, 16 Feb 2014 06:05:00 -0000 From: "Larry Hall (Cygwin)" Reply-to: cygwin@cygwin.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-version: 1.0 To: cygwin@cygwin.com Subject: Re: seteuid 1019: Operation not permitted References: In-reply-to: Content-type: text/plain; charset=ISO-8859-1; format=flowed Content-transfer-encoding: 7bit X-SW-Source: 2014-02/txt/msg00402.txt.bz2 On 2/15/2014 7:08 PM, Evan Rowley wrote: > Everyone! > > I finally figured out what the problem was here. > > A group policy was in effect on the Windows machine. The group policy > is supposed to enforce the baseline security configuration as defined > by the Center for Internet Security (CIS) Benchmark for Windows > Servers. One particular Local User Security Policy setting was > disabled. It was "act as part of the operating system" - apparently > this is needed in order for SSHD in Cygwin to work. Yeah, this is mentioned in the closely related FAQ entry . The need for it is also spelled out in the /usr/share/csih/cygwin-service-installation-helper.sh script used by /usr/bin/ssh-host-config. I know, it's not real obvious that this is a requirement when you're installing or why. And when it's not unavailable the complaints that ensue aren't that easy to immediately track back to this security policy. I have this vague recollection that this particular policy is only necessary to support public key authentication, though I didn't test that. Regardless, that's small consolation if public key authentication is what you're looking for. ;-) -- Larry _____________________________________________________________________ A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting annoying in email? -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple