
Disable two factor authentication from backend

How do I disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for the admin and other users?

Refer to this article to disable 2FA from the Ezeelogin GUI if you have admin privileges.

For Ezeelogin Version 7 and above

1. To disable force two-factor authentication ( 2FA ) for the admin user, run the following commands.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1" 

To clear two-factor authentication ( 2FA ) for the admin user, run the following commands. (Use the abbreviation for the 2FA method you need to disable.)

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1" 

To disable DUO alone for the admin user, run the following command:

root@localhost:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where id=1"

To disable Google auth alone for the admin user, run the following command:

root@localhost:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL where id=1"

To disable access keyword alone for the admin user, run the following command:

root@localhost:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eak=NULL where id=1"

To disable Yubikey alone for the admin user, run the following command:

root@localhost:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eyk=NULL where id=1"


2. To disable Two factor authentication for a specific user, run the following commands. Replace the username with the user for whom you want to disable it.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where username='Administrator'"     

3. To disable Force Two factor authentication, run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"


4. To disable Two factor authentication ( 2FA ) for All users, run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where(name='enable_access_keyword' OR name='enable_google_authenticator' OR name='enable_yubikey' OR name='enable_duo')"

To clear Two factor Authentication for all users, run the following command. (Use the abbreviation for the 2FA method you need to disable.)

Warning Note

All users need to reconfigure their 2FA after any 2FA authentication has been disabled for all users.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0"

5. To disable Radius two factor authentication for all users, run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where name='enable_radius_2fa'"


6. To disable Force two factor authentication ( 2FA ) for all user groups, run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php  " update prefix_usergroups SET force_tfa = 'N'"

7. To disable Force two factor authentication ( 2FA ) for an individual user group, run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php  " update prefix_usergroups SET force_tfa = 'N' where name = 'usergroup_name'"

Note: Replace the 'usergroup_name' with your user group


Abbreviations:

egs = Google Authenticator

eyk = Yubikey

eak = Access Keyword

set_duo = DUO 2FA
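
The per-factor commands from step 1 and the abbreviations above can be folded into one helper that prints the command for review. This is an added example, not Ezeelogin code: the function name, the factor keywords and the username character set are assumptions made here. Because the username is pasted into a quoted SQL string on a root shell line, the helper refuses anything outside that conservative set.

```shell
#!/bin/sh
# Added example, not Ezeelogin code. Function name is hypothetical.

# ez_clear_factor_cmd FACTOR USERNAME
# Prints (does not run) the ez_queryrunner.php command that clears one
# 2FA method for one user, using the column names from the list above.
ez_clear_factor_cmd() {
    case "$1" in
        google)  set_clause="egs=NULL" ;;
        keyword) set_clause="eak=NULL" ;;
        yubikey) set_clause="eyk=NULL" ;;
        duo)     set_clause="set_duo=0" ;;
        all)     set_clause="egs=NULL,eak=NULL,eyk=NULL,set_duo=0" ;;
        *) echo "unknown factor: $1" >&2; return 2 ;;
    esac
    # Assumption: usernames consist of letters, digits, dot, underscore, dash.
    # Quotes, spaces, $ or backticks would change the SQL or the shell line.
    case "$2" in
        ''|*[!A-Za-z0-9._-]*) echo "refusing username: $2" >&2; return 2 ;;
    esac
    q="update prefix_users set $set_clause where username='$2'"
    printf 'php /usr/local/ezlogin/ez_queryrunner.php "%s"\n' "$q"
}

# Demo with the username used in step 2 and a constructed bad input.
ez_clear_factor_cmd yubikey Administrator
ez_clear_factor_cmd google "x' or '1'='1" || echo "rejected as expected"
```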


For Ezeelogin Version 6 and below

1. Find the database name and database prefix in /usr/local/etc/ezlogin/ez.conf on the Ezeelogin gateway server.

root@jumpserver:~# cat /usr/local/etc/ezlogin/ez.conf

system_folder /var/www/ezlogin/

force_https yes

uri_path /

db_host localhost

db_port /var/run/mysqld/mysqld.sock

db_name ezlogin_por

db_user ezlogin_cxy

db_pass ymhbtPaY)VzD2g]84

db_prefix casmbn_

cookie_encryption_key D8$Frp5fF_FF

cookie_name rlbup

cookie_path /

www_folder /var/www/html/ezlogin/

admin_user ezadmin

mysql_encrypt no


2. Log in to the mysql command prompt

Replace "db_user" and "db_name" with the values in /usr/local/etc/ezlogin/ez.conf of your Ezeelogin jump server. You can find the db password as "db_pass" in /usr/local/etc/ezlogin/ez.conf of your Ezeelogin jump server.

root@jumpserver:~# mysql -u  db_user -p  db_name

3. Run the following commands to disable two-factor authentication ( 2FA ) for the admin user

Replace "dbprefix_" with the value of db_prefix in /usr/local/etc/ezlogin/ez.conf of your Ezeelogin jump server. For example, "dbprefix_settings" is to be replaced with "casmbn_settings" here.

UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1;


4. Run the following command to disable two-factor authentication ( 2FA ) for all users.

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;

 

You have to use the correct db_name and db_prefix from ez.conf if you are running the mysql commands manually.
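
Steps 1 to 3 for Version 6 and below can be scripted so the prefix is read from ez.conf instead of typed by hand. This is an added example, not Ezeelogin code: the function names are hypothetical, and it assumes the "key value" layout of ez.conf shown above. It prints a check query and the two step 3 statements for review and refuses a prefix that is not a plain identifier.

```shell
#!/bin/sh
# Added example, not Ezeelogin code. Function names are hypothetical.

# ez_conf_get KEY [FILE]: print the value of KEY from a "key value" ez.conf.
ez_conf_get() {
    awk -v k="$1" '$1 == k && NF >= 2 {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t\r]+$/, ""); print; exit
    }' "${2:-/usr/local/etc/ezlogin/ez.conf}"
}

# ez_admin_2fa_sql [FILE]: print a check query and the two step 3 statements
# with db_prefix filled in. Nothing is executed against the database.
ez_admin_2fa_sql() {
    prefix=$(ez_conf_get db_prefix "$1")
    case "$prefix" in
        ''|*[!A-Za-z0-9_]*)
            echo "unexpected db_prefix: '$prefix'" >&2
            return 1 ;;
    esac
    cat <<EOF
SELECT id, egs IS NOT NULL AS has_egs, eak IS NOT NULL AS has_eak, eyk IS NOT NULL AS has_eyk, set_duo FROM ${prefix}users WHERE id=1;
UPDATE ${prefix}settings SET value = 0 WHERE name = 'two_factor_auth';
UPDATE ${prefix}users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL WHERE id=1;
EOF
}

# Demo on a constructed ez.conf (sample values, not a real install).
demo_conf=$(mktemp)
printf '%s\n' 'db_name ezlogin_por' 'db_user ezlogin_cxy' \
    'db_prefix casmbn_' > "$demo_conf"
ez_admin_2fa_sql "$demo_conf"
rm -f "$demo_conf"

# On the gateway, review the output, then feed it to the client from step 2:
#   ez_admin_2fa_sql | mysql -u "$(ez_conf_get db_user)" -p "$(ez_conf_get db_name)"
```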