Skip to Content

Access Keyword 2FA explained

How to enable/disable Access Keyword 2FA (Two-factor Authentication)in Ezeelogin?

Access keywords is a two-factor mechanism used for securing the GUI and the ssh backend. Ideally, it would be phrases that can be easily remembered. They should never be written down and should be stored only in your memory. 

How to enable Access Keyword 2FA (Two-factor Authentication) in Ezeelogin?

Navigate to Settings -> General -> Two Factor Authentication -> Enable Access Keyword.

Example of phrases that can be used for Access keywords would be a phrase like  "top dog bites".

The access keyword can be set by the user as follows. The access keyword should have a minimum of 10 characters and at least 4 unique characters.

Once set the web GUI would ask for the characters from 3 different positions while authenticating. As you can see below, we need to enter the characters from the first, seventh, and twelfth positions within the phrase.

access keyword  2fa

As, you can see, we had used the phrase "top dog bites",so we would enter the character that would come in the first, seventh, and twelfth positions within the phrase, which would be 't', 'g', and 'e'. Note that, space is a character and would be counted. For, example the character in the fourth position would be the space character in which case we would simply enter the 'space' key. 

access-keyword 2FA

The access keyword would have to enter to access the backend shell as well. In this case, we would need to enter the characters in the fourth, eighth, and twelfth positions within the phrase. Looking at the phrase "top dog bites",  it would be the space character, the space character again in the eighth position, and 'e' in the twelfth position.

2fa  ssh access keyword

How to disable Access Keyword 2FA (Two-factor Authentication) from the backend?

Run the below commands to disable and clear google authenticator. Replace username to disable access keyword for that user.

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_access_keyword')"

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eak=NULL where username='ezadmin'"

No Two-factor Authentication enabled

This error happens when we enforce Two-Factor authentication without enabling any of the Two-Factor authentications. Run the following command to disable Force Two Factor Authentication.

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php  "update prefix_usergroups SET force_tfa = 'N'"

How to disable Access Keyword 2FA (Two-factor Authentication) from the GUI?


Related Articles