Skip to Content

How to enable/disable google 2FA [Two factor Authentication] in Ezeelogin?

Configuring Google 2FA (Two-Factor Authentication) in Ezeelogin


Overview: This article explains how to enable, share, and reuse Google 2FA in Ezeelogin, resolve API deprecation issues, and synchronize server time. It also covers  methods to disable Google 2FA through both the GUI and backend commands.


1. How to enable Google 2FA (Two-factor Authentication) in Ezeelogin?

The QR code generation feature is currently affected by the deprecation of the Google Image Charts API, which ceased operation on March 14, 2024. To address this, kindly update to Ezeelogin version  7.37.5 . 

Note: Google Authenticator doesn’t require any internet connection.

1.a. Navigate to Settings -> General -> Two Factor Authentication -> Enable Google Authenticator.

1.b. After enabling Google Authenticator refresh the Ezeelogin Software GUI and navigate to Account -> Google Authenticator     

1.c. Click on the ' Set ' button and scan the QR code with the Google Authenticator App.

Download Google Authenticator Application from Appstore/play store for ios/android and install it on your phones

1.d. Re-login to web GUI using Google 2fa

google 2fa

1.e. The backend 2fa method will also be now using Google Authenticator.

google authenticator code

Ensure that the time on the Jump server is accurate. Use the command #ntpdate pool.ntp.org to sync the server time. Also, do ensure that the mobile phone times are also in sync with your mobile operator's time.


2. How to share the same google authenticator code with different users?

2.a. Login to GUI, enable google authenticator 2FA from settings. Navigate to accounts tab -> Google authenticator -> Set -> Copy the secret and share with other users. Now all the user with same secret can login to both GUI and shell with the same google code.


3. How to reuse Google Authenticator Code?

3.a. By default, google authenticator code is invalidated after one time use. 

3.b. To reuse the google authenticator code, login to Ezeelogin GUI, navigate to Settings -> General -> Two Factor Authentication -> Allow Reuse Of Google Authenticator Code. This ensures that the same Google Authenticator codes could be used for authenticating in both the Ezeelogin GUI and Ezeelogin backend (ezsh) till the code expires.


4. How to disable Google 2FA (Two-factor Authentication) from the GUI?


Note: If you lost your phone, you can use this method.

Emergency CLI Method

Run the below commands to disable and clear google authenticator. Replace username to disable google authenticator for that user.

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_google_authenticator')"

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL where username='ezadmin'"

 

No Two-factor Authentication enabled

This error happens when we enforce Two-Factor authentication without enabling any of the Two-Factor authentications. Run the following command to disable Force Two Factor Authentication.

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php  "update prefix_usergroups SET force_tfa = 'N'"


Related Articles

Enable/Disable two-factor authentication in Ezeelogin 

Google QR code display error

Error: No Two-factor Authentication enabled in GUI

Disable two-factor authentication from the backend