Disable two factor authentication (2FA Google, Yubikey , Access Keyword, DUO)

How do i disable two factor authentication ( 2FA ) for the admin user and others?

For Ezeelogin Version 7 and above

1. To disable two factor authentication ( 2FA ) for admin user, run the following commands.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1"

You can also disable duo by running the following command :

root@localhost:~ php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where id=1"

2. To disable two factor authentication ( 2FA ) for all users ,run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL"

3. To disable two factor authentication ( 2FA ) for user group , run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php " update prefix_usergroups SET force_tfa = 'N' where name = 'usergroup_name'; "

Note: Replace the 'usergroup_name' with your user group.

Abbreviations:
eak = Access Keyword
eyk = Yubikey
egs = Google Authenticator
set_duo = DUO 2FA

For Ezeelogin Version 6 and below

1. Find database name and database prefix from /usr/local/etc/ezlogin/ez.conf in ezeelogin gateway server.

root@jumpserver:~# cat /usr/local/etc/ezlogin/ez.conf

system_folder /var/www/ezlogin/

force_https yes

uri_path /

db_host localhost

db_port /var/run/mysqld/mysqld.sock

db_name ezlogin_por

db_user ezlogin_cxy

db_pass ymhbtPaY)VzD2g]84

db_prefix casmbn_

cookie_encryption_key D8$Frp5fF_FF

cookie_name rlbup

cookie_path /

www_folder /var/www/html/ezlogin/

admin_user ezadmin

mysql_encrypt no

2. Login to mysql command prompt

Replace the "db_user" & "dn_name" with values in /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server.You can find the db password as "db_pass" in /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server.

root@jumpserver:~# mysql -u db_user -p db_name

4. Run the following command to two factor authentication ( 2FA ) for admin user

Replace "dbprefix_" with the value of dbprefix_ in /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server. For example "dbprefix_settings" is to be replaced with "casmbn_settings" here.

UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1;

Run the following command two factor authentication ( 2FA ) for all users.

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL;

you have to use correct db_name and dbprefix from ez.conf if you are running the mysql commands manually.