Seteuid "operation not permitted" error when using LSA for sshd

Corinna Vinschen
Fri May 25 09:41:00 GMT 2012

On May 25 10:15, Mark Pattie wrote:
> Hi all,
> I have installed Cygwin and am running sshd successfully. The
> permission required for the sshd service account "create a token
> object" is not permitted to be granted to any accounts in my
> organization. As such I have decided to use LSA based on Method 2 on
> the following page:
> I had succesfully tested ssh authentication with a public/private
> certificate pair prior to running /usr/bin/cyglsa-config to install
> LSA. I ran the script, removed the "create a token object" permission
> and rebooted the server. Now I cannot authenticate using the
> public/private keys. I receive the following error in the Windows
> event log:
> sshd: PID 2780: fatal: seteuid 1003: Operation not permitted
> When I add the permission back to the service account and restart sshd
> the public/private key authentication works again
> Any help would be great

Does the account have TCB rights?  That's required to run LSA auth.
Same for method 3, btw.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list