Configure DUO 2FA in Ezeelogin SSH Jumphost

164 admin July 23, 2024 Security Features, Two Factor Authentication ( 2FA ) 8963

How to enable/disable DUO 2fa in Ezeelogin?

Overview: This article provides a comprehensive guide on configuring and managing duo two-factor authentication (2FA) for Ezeelogin gateway users. It also covers methods to disable duo 2FA through both the GUI and backend commands.

Duo 2fa

Do check out the duo ssh jump host configuration video as well.

1. How to enable DUO 2FA (Two-factor Authentication) in Ezeelogin?

Step 1(A): Create your account on duo.com and log in. Navigate to Applications -> Protect an Application

Step 1(B): Search for Web SDK and click on Protect this Application

Step 1(C): Copy Integration Key, Secret Key, and API Hostname and paste it on Ezeelogin GUI. Also, enter a custom name for this Application Under Settings.

Step 1(D): Enable duo 2FA in the Ezeelogin GUI with an admin privileged user. Log in to the Ezeelogin GUI, navigate to Settings -> General -> Two Factor Authentication -> Enable Duo, and paste the DUO Integration Key, Secret Key, and the API hostname in the highlighted fields below, then click on the save button.

Note: In order to avoid the " invalid_grant " or " An Error Was Encountered "error, make sure to access the Ezeelogin GUI with SSL(HTTPS) and a domain name. Refer to the article "error": "invalid_grant", "error_description"

Step 1(E): To set up Duo 2FA for user authentication, log in to the Ezeelogin GUI as the user for whom duo is to be enabled. Then, navigate to Account -> Duo Authenticator -> Enable Duo Authenticator.

Step 1(F): Log out and re-login into the web panel and duo two-factor authentication will be asked.

duo ssh jumphost 2fa

Step 1(G): The backend 2fa method will also be using Duo 2FA.

Note: If an Ezeelogin user wants to enable DUO 2FA, but Admin has disabled force two-factor authentication, then that particular user must log into the GUI and enable DUO 2FA under Account -> DUO Authenticator then logout and re-login again into the web panel and you would be asked for DUO two-factor authentication.

2. How to disable DUO 2FA (Two-factor Authentication) from the GUI?

Step 2(A): To disable Duo 2FA globally(Duo 2FA will be disabled for all users), navigate to Settings -> General -> Two Factor Authenticator -> Disable Duo

Step 2(B): To disable Duo 2FA for a single user, log in to the Ezeelogin GUI as the user for whom duo is to be disabled, navigate to Account -> Duo Authenticator -> Disable

Emergency CLI Method

Run the below commands to disable and clear DUO 2FA. Replace the username to disable DUO for that user.

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_duo')"

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where username='ezadmin'"

No Two-factor Authentication enabled

This error happens when we enforce Two-Factor authentication without enabling any of the Two-Factor authentications. Run the following command to disable Force Two Factor Authentication.

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_usergroups SET force_tfa = 'N'"

Related Articles:

Enable/Disable two factor authentication in Ezeelogin

Error: No Two-factor Authentication enabled in GUI

Disable two factor authentication from backend

How to reset 2fa of an ezeelogin user?

4 people found this article helpful what about you?