Skip to Content

Disable two factor authentication from backend

How do I disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for admin and other users?


Overview: This article describes how to disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for admin and other users in Ezeelogin Version 7 and above and Ezeelogin Version 6 and below, using specific commands through the terminal.



In Ezeelogin Version 7 and higher, managing two-factor authentication (2FA) settings for admin users involves executing specific commands through the terminal. This guide provides step-by-step instructions on how to disable 2FA for both the admin user and all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO).

For Ezeelogin Version 7 and above.

Admin User 

1. Disabling 2fa for the Admin User.

Step 1(A): To disable force two-factor authentication for the admin user, follow these commands:

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

2. Disabling all enabled 2fa methods for admin User.

Step 2(A): If you need to disable all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO), use the following command:

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1" 

To clear specific 2fa, run the following command. (Based on which 2fa you need to disable use the abbreviation accordingly)

Note the Abbreviations :

egs= Google Authenticator

eyk= Yubikey

eak = Access Keyword

set_duo = DUO 2fa


Disable specific enabled 2fa's for admin users. 

1. Disabling DUO for Admin User.

 To disable DUO alone for admin users run the following command : 

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where id=1"

2. Disabling Google auth for Admin User.

To disable Google auth alone for admin users run the following command : 

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL where id=1"

3.Disabling Access Keyword for Admin User.

To disable the access keyword alone for the admin users run the following command : 

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eak=NULL where id=1"

4. Disabling Yubikey for Admin User.

To disable Yubikey alone for admin users run the following command : 

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eyk=NULL where id=1"


For  Specific Users

3. Disabling 2fa for specific Users.

Step 3(A): To disable force two-factor authentication for the specific user, follow these commands:

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

4. Disabling All Enabled 2fa Methods for Specific User.

Step 4(A): If you need to disable all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO), use the following command:

Replace with a username with the user you want to disable.

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where username='Administrator'" 


For  All Users 

5. Disabling 2fa methods for all users.

Step 5(A): To disable 2fa for all users, run the following command:

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"


root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where < name='enable_access_keyword' OR name='enable_google_authenticator' OR name='enable_yubikey' OR name='enable_duo'>"

Step 5(B): To clear 2fa for all usersrun the following command. (Based on which 2fa you need to disable use the abbreviation accordingly)

Note: All Users need to reconfigure after any 2FA authentication has been disabled for all users.

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"


root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0"

6. Disabling radius 2fa method for all users.

Step 6(A): To disable Radius two-factor authentication for all users, run the following command.

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"


root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where name='enable_radius_2fa'"


For all user group

7. Disabling enabled 2fa methods for all user groups. 

Step 7(A):To disable Force two-factor authentication ( 2FA ) for All user groups, run the following command.

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php  " update prefix_usergroups SET force_tfa = 'N'"


Individual user group

8. Disabling enabled 2fa methods for individual user group.

Step 8(A): To disable Force two-factor authentication ( 2FA ) for Individual user group, run the following command. Replace the 'usergroup_name' with your user group.

root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php  " update prefix_usergroups SET force_tfa = 'N' where name = 'usergroup_name'"

9. For Ezeelogin Version 6 and below:

Step 9(A): Find the database name and database prefix from /usr/local/etc/ezlogin/ez.conf in the Ezeelogin gateway server.

root@gateway:~# cat /usr/local/etc/ezlogin/ez.conf

system_folder /var/www/ezlogin/

force_https yes

uri_path /

db_host localhost

db_port /var/run/mysqld/mysqld.sock

db_name ezlogin_por

db_user ezlogin_cxy

db_pass ymhbtPaY)VzD2g]84

db_prefix casmbn_

cookie_encryption_key D8$Frp5fF_FF

cookie_name rlbup

cookie_path /

www_folder /var/www/html/ezlogin/

admin_user ezadmin

mysql_encrypt no

Step 9(B): Login to MySQL command prompt. Replace the placeholders "db_user" and "db_name" with the corresponding values found in the configuration file located at /usr/local/etc/ezlogin/ez.conf on your Ezeelogin jump server. You can locate the database password under the identifier "db_pass" within the same configuration file.

root@gateway:~# mysql -u  db_user -p  db_name

Step 9(C): Run the following command to disable two-factor authentication ( 2FA ) for the admin userReplace "dbprefix_" with the value of dbprefix_ in  /usr/local/etc/ezlogin/ez.conf of your Ezeelogin jump server. For example " dbprefix_settings " is to be replaced with " casmbn_settings " here.

UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;


UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1;

Step 9(D): Run the following command to disable two-factor authentication ( 2FA ) for all users.

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;

You have to use the correct db_name and dbprefix from ez.conf if you are running the MySQL commands manually.


Related Articles:

Enforce 2fa on user login.
Reset 2fa on Ezeelogin user.
Disable 2fa from GUI.