Disable two factor authentication from backend
How do I disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for admin and other users?
Overview: This article describes how to disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for admin and other users in Ezeelogin Version 7 and above and Ezeelogin Version 6 and below, using specific commands through the terminal.
In Ezeelogin Version 7 and higher, managing two-factor authentication (2FA) settings for admin users involves executing specific commands through the terminal. This guide provides step-by-step instructions on how to disable 2FA for both the admin user and all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO).
For Ezeelogin Version 7 and above.
Admin User
1. Disabling 2fa for the Admin User.
Step 1(A): To disable force two-factor authentication for the admin user, follow these commands:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
2. Disabling all enabled 2fa methods for admin User.
Step 2(A): If you need to disable all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO), use the following command:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1"
To clear specific 2fa, run the following command. (Based on which 2fa you need to disable use the abbreviation accordingly)
Note the Abbreviations :
egs= Google Authenticator
eyk= Yubikey
eak = Access Keyword
set_duo = DUO 2fa
Disable specific enabled 2fa's for admin users.
1. Disabling DUO for Admin User.
To disable DUO alone for admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where id=1"
2. Disabling Google auth for Admin User.
To disable Google auth alone for admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL where id=1"
3.Disabling Access Keyword for Admin User.
To disable the access keyword alone for the admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eak=NULL where id=1"
4. Disabling Yubikey for Admin User.
To disable Yubikey alone for admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eyk=NULL where id=1"
For Specific Users
3. Disabling 2fa for specific Users.
Step 3(A): To disable force two-factor authentication for the specific user, follow these commands:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
4. Disabling All Enabled 2fa Methods for Specific User.
Step 4(A): If you need to disable all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO), use the following command:
Replace with a username with the user you want to disable.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where username='Administrator'"
For All Users
5. Disabling 2fa methods for all users.
Step 5(A): To disable 2fa for all users, run the following command:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where < name='enable_access_keyword' OR name='enable_google_authenticator' OR name='enable_yubikey' OR name='enable_duo'>"
Step 5(B): To clear 2fa for all users, run the following command. (Based on which 2fa you need to disable use the abbreviation accordingly)
Note: All Users need to reconfigure after any 2FA authentication has been disabled for all users.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0"
6. Disabling radius 2fa method for all users.
Step 6(A): To disable Radius two-factor authentication for all users, run the following command.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where name='enable_radius_2fa'"
For all user group
7. Disabling enabled 2fa methods for all user groups.
Step 7(A):To disable Force two-factor authentication ( 2FA ) for All user groups, run the following command.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php " update prefix_usergroups SET force_tfa = 'N'"
Individual user group
8. Disabling enabled 2fa methods for individual user group.
Step 8(A): To disable Force two-factor authentication ( 2FA ) for Individual user group, run the following command. Replace the 'usergroup_name' with your user group.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php " update prefix_usergroups SET force_tfa = 'N' where name = 'usergroup_name'"
9. For Ezeelogin Version 6 and below:
Step 9(A): Find the database name and database prefix from /usr/local/etc/ezlogin/ez.conf in the Ezeelogin gateway server.
root@gateway:~# cat /usr/local/etc/ezlogin/ez.conf
system_folder /var/www/ezlogin/
force_https yes
uri_path /
db_host localhost
db_port /var/run/mysqld/mysqld.sock
db_name ezlogin_por
db_user ezlogin_cxy
db_pass ymhbtPaY)VzD2g]84
db_prefix casmbn_
cookie_encryption_key D8$Frp5fF_FF
cookie_name rlbup
cookie_path /
www_folder /var/www/html/ezlogin/
admin_user ezadmin
mysql_encrypt no
Step 9(B): Login to MySQL command prompt. Replace the placeholders "db_user" and "db_name" with the corresponding values found in the configuration file located at /usr/local/etc/ezlogin/ez.conf on your Ezeelogin jump server. You can locate the database password under the identifier "db_pass" within the same configuration file.
root@gateway:~# mysql -u db_user -p db_name
Step 9(C): Run the following command to disable two-factor authentication ( 2FA ) for the admin user. Replace "dbprefix_" with the value of dbprefix_ in /usr/local/etc/ezlogin/ez.conf of your Ezeelogin jump server. For example " dbprefix_settings " is to be replaced with " casmbn_settings " here.
UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;
UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1;
Step 9(D): Run the following command to disable two-factor authentication ( 2FA ) for all users.
UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;
You have to use the correct db_name and dbprefix from ez.conf if you are running the MySQL commands manually.