Configure DUO 2FA in Ezeelogin SSH Jumphost
How to enable/disable DUO 2fa in Ezeelogin?
Do check out the duo ssh jump host configuration video as well.
1. Create your account on duo.com and log in. Navigate to Applications -> Protect an Application
2. Search for Web SDK and click on Protect this Application
3. Copy Integration Key, Secret Key, and API Hostname. Also, enter a custom name for this Application Under Settings.
Log on to the Ezeelogin web panel, click on Settings-> General->Two Factor Authentication, and paste the DUO Integration Key, Secret Key, and the API hostname in the highlighted fields below and Enable DUO, then click on the save button.
Note: In order to avoid the " invalid_grant " or " An Error Was Encountered "error, make sure to access the Ezeelogin GUI with SSL(HTTPS) and a domain name. Refer to the article
5. Login to Ezeelogin GUI as the user which you want to enable DUO and Enable DUO Authenticator from Ezeelogin GUI > Accounts > Duo Authenticator
6. Logout and Relogin into the Web panel and you will be asked for duo two-factor authentication.
Backend 2FA Duo authentication.
Note: If an Ezeelogin user wants to enable DUO 2FA, but Admin has disabled force two-factor authentication, then that particular user must log into the GUI and enable DUO 2FA under Account -> DUO Authenticator then logout and re-login again into the Web panel and you would be asked for DUO two-factor authentication.
How to disable DUO 2FA (Two-factor Authentication) from the backend?
Run the below commands to disable and clear DUO. Replace the username to disable DUO for that user.
root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_duo')"
root@gateway ~]# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where username='ezadmin'"