Skip to Content

How to configure Yubikey two factor authentication in ssh ?

How to enable/disable Yubikey 2FA (Two-factor Authentication) in Ezeelogin?

Do check out the video to Configure Yubikey two-factor authentication in ssh jump host 

1. Navigate to  Settings -> General -> Two FactorAuthentication -> Enable Yubikey. Click on Get Yubico API Key to get the Client and Secret of Yubikey.

2. Navigate to Account -> Password -> New YubiKey to complete the setup.

3. Once this has been done, login into the web interface using the Yubikey 2FA method and then the backend 2FA in ssh would automatically use the Yubikey 2FA. Basically, the last successful 2FA method used in the web interface/web-GUI would be used in the backend ssh shell/ or ezsh shell.

ssh to jump host

Yubikey in ssh

How to disable Yubikey 2FA (Two-factor Authentication) from the backend?

Run the below commands to disable and clear google authenticator. Replace username to disable yubikey for that user.

[email protected] ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_yubikey')"

[email protected] ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eyk=NULL where username='ezadmin'"

No Two-factor Authentication enabled

This error happens when we enforce Two-Factor authentication without enabling any of the Two-Factor authentications. Run the following command to disable Force Two Factor Authentication.

[email protected] ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

[email protected] ~]# php /usr/local/ezlogin/ez_queryrunner.php  "update prefix_usergroups SET force_tfa = 'N'"

How to disable Yubikey 2FA (Two-factor Authentication) from the GUI?