How to enable/disable google 2FA [Two factor Authentication] in Ezeelogin?
Configuring Google 2FA (Two-Factor Authentication) in Ezeelogin
Overview: This article explains how to enable, share, and reuse Google 2FA in Ezeelogin, resolve API deprecation issues, and synchronize server time. It also covers methods to disable Google 2FA through both the GUI and backend commands.
1. How to enable Google 2FA (Two-factor Authentication) in Ezeelogin?
The QR code generation feature is currently affected by the deprecation of the Google Image Charts API, which ceased operation on March 14, 2024. To address this, kindly update to Ezeelogin version 7.37.5 .
Note: Google Authenticator doesn’t require any internet connection.
1.a. Navigate to Settings -> General -> Two Factor Authentication -> Enable Google Authenticator.
1.b. After enabling Google Authenticator refresh the Ezeelogin Software GUI and navigate to Account -> Google Authenticator
1.c. Click on the ' Set ' button and scan the QR code with the Google Authenticator App.
1.d. Re-login to web GUI using Google 2fa
1.e. The backend 2fa method will also be now using Google Authenticator.
Ensure that the time on the Jump server is accurate. Use the command #ntpdate pool.ntp.org to sync the server time. Also, do ensure that the mobile phone times are also in sync with your mobile operator's time.
2. How to share the same google authenticator code with different users?
2.a. Login to GUI, enable google authenticator 2FA from settings. Navigate to accounts tab -> Google authenticator -> Set -> Copy the secret and share with other users. Now all the user with same secret can login to both GUI and shell with the same google code.
3. How to reuse Google Authenticator Code?
3.a. By default, google authenticator code is invalidated after one time use.
3.b. To reuse the google authenticator code, login to Ezeelogin GUI, navigate to Settings -> General -> Two Factor Authentication -> Allow Reuse Of Google Authenticator Code. This ensures that the same Google Authenticator codes could be used for authenticating in both the Ezeelogin GUI and Ezeelogin backend (ezsh) till the code expires.
4. How to disable Google 2FA (Two-factor Authentication) from the GUI?
Note: If you lost your phone, you can use this method.
Emergency CLI Method
Run the below commands to disable and clear google authenticator. Replace username to disable google authenticator for that user.
root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_google_authenticator')"
root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL where username='ezadmin'"
This error happens when we enforce Two-Factor authentication without enabling any of the Two-Factor authentications. Run the following command to disable Force Two Factor Authentication.
root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_usergroups SET force_tfa = 'N'"
Related Articles
Enable/Disable two-factor authentication in Ezeelogin
Google authenticator QR code image broken