Skip to Content

How do I disable google 2 factor authentication or other 2factor mechanisms in the GUI?

HOW TO RESET GOOGLE 2FA IF THE USER HAS ACCESS TO THE GUI AND HAVE ADMIN PRIVILEGES

If you already have an account with admin privileges, you can reset them via the GUI itself.Log in as the admin user, navigate to the user list, select the user that had accidentally set Google 2FA, click on the password icon for the user, and select 'Clear Two-factor Authentication Secret' box.

  userauth

The user can now log in without 2FA being asked if 2FA is not enforced else the user would be prompted to re-setup 2FA again.

HOW CAN A USER RESET GOOGLE 2FA IN GUI?

 Individual users can log in to the web interface and go to Account->Google Authenticator->set 

To reset it you can do by Account->Google Authenticator->reset

  set2fa

   How to disable two-factor authentication ( 2FA ) for the admin user and others FROM THE DATABASE? 

For Ezeelogin Version 7 and above

1. To disable two-factor authentication ( 2FA ) for the admin user, run the following commands.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

 

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1"

 

2. To disable  two factor authentication ( 2FA ) for all users ,run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0" 

Abbreviations:
   eak       = Access Keyword
   eyk       = Yubikey
   egs       = Google Authenticator
   set_duo = DUO 2FA     

For Ezeelogin Version 6 and below 

1. Find database name and database prefix from /usr/local/etc/ezlogin/ez.conf in ezeelogin gateway server.

root@jumpserver:~# cat /usr/local/etc/ezlogin/ez.conf

system_folder /var/www/ezlogin/

force_https yes

uri_path /

db_host localhost

db_port /var/run/mysqld/mysqld.sock

db_name ezlogin_por

db_user ezlogin_cxy

db_pass ymhbtPaY)VzD2g]84

db_prefix casmbn_

cookie_encryption_key D8$Frp5fF_FF

cookie_name rlbup

cookie_path /

www_folder /var/www/html/ezlogin/

admin_user ezadmin

mysql_encrypt no

2. Log in to MySQL command prompt

Replace the "db_user" &  "dn_name" with values in  /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server.You can find the db password as "db_pass" in /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server.

root@jumpserver:~# mysql -u db_user -p db_name

3. Run the following command to two-factor authentication ( 2FA ) for the admin user

Replace "dbprefix_" with the value of dbprefix_ in  /usr/local/etc/ezlogin/ez.conf of your ezeelogin jump server. For example "dbprefix_settings" is to be replaced with "casmbn_settings" here.

UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1;

4.Run the following command two-factor authentication ( 2FA ) for all users.

UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;

 

 You have to use the correct db_name and dbprefix from ez.conf if you are running the MySQL commands manually.