Skip to Content

Configure DUO 2FA in Ezeelogin SSH Jumphost

How to enable/disable DUO 2fa in Ezeelogin?

Do check out the duo ssh jump host configuration video as well.

1. Create your account on duo.com and log in. Navigate to Applications -> Protect an Application 

2. Search for Web SDK and click on Protect this Application

duo-ssh-sdk

3. Copy Integration Key, Secret Key, and API Hostname.  Also, enter a custom name for this Application Under Settings.

 

How to enable Duo 2FA (Two-factor Authentication) from the GUI?

Log on to the Ezeelogin web panel, click on Settings-> General->Two Factor Authentication, and paste the DUO Integration Key, Secret Key, and the API hostname in the highlighted fields below and Enable DUO, then click on the save button. 

Note: In order to avoid the " invalid_grant " or " An Error Was Encountered "error, make sure to access the Ezeelogin GUI with SSL(HTTPS) and a domain name. Refer to the article 

5. Login to Ezeelogin GUI as the user which you want to enable DUO and Enable DUO Authenticator from Ezeelogin GUI > Accounts > Duo Authenticator

6. Logout and Relogin into the Web panel and you will be asked for duo two-factor authentication.

duo ssh jumphost 2fa

Backend 2FA Duo authentication.

Note: If an Ezeelogin user wants to enable DUO 2FA, but Admin has disabled force two-factor authentication, then that particular user must log into the GUI and enable DUO 2FA under Account -> DUO Authenticator then logout and re-login again into the Web panel and you would be asked for DUO two-factor authentication.

How to disable DUO 2FA (Two-factor Authentication) from the backend?

Run the below commands to disable and clear DUO. Replace the username to disable DUO for that user.

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_duo')"

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where username='ezadmin'"

No Two-factor Authentication enabled

This error happens when we enforce Two-Factor authentication without enabling any of the Two-Factor authentications. Run the following command to disable Force Two Factor Authentication.

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php  "update prefix_usergroups SET force_tfa = 'N'"

How to disable Duo 2FA (Two-factor Authentication) from the GUI?

To disable Duo 2FA globally, navigate to Settings -> General -> Two Factor Authenticator -> Disable Duo

To disable Duo 2FA for a user, navigate to Account -> Duo Authenticator -> Disable

 

Related Articles