Disable two factor authentication from backend
How do I disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for the admin and other users?
For Ezeelogin Version 7 and above.
Synopsis: This article describes how to disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for admin and other users in Ezeelogin Version 7 and above and Ezeelogin Version 6 and below, using specific commands through the terminal.
In Ezeelogin Version 7 and higher, managing two-factor authentication (2FA) settings for admin users involves executing specific commands through the terminal. This guide provides step-by-step instructions on how to disable 2FA for both the admin user and all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO).
Admin User
Step 1. Disabling 2fa for the Admin User.
- To disable force two-factor authentication for the admin user, follow these commands:
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
Step 2: Disabling All Enabled 2fa Methods for Admin User.
- If you need to disable all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO), use the following command:
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1"
Following are the steps to disable specific enabled 2fa's for admin users.
1. Disabling DUO for Admin User.
To disable DUO alone for admin users run the following command :
root@localhost:~ php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where id=1"
2. Disabling Google auth for Admin User.
To disable Google auth alone for admin users run the following command :
root@localhost:~ php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL where id=1"
3. Disabling Access Keyword for Admin User.
To disable the access keyword alone for the admin users run the following command :
root@localhost:~ php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eak=NULL where id=1"
4. Disabling Yubikey for Admin User.
To disable Yubikey alone for admin users run the following command :
root@localhost:~ php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eyk=NULL where id=1"
Specific Users
Step 1. Disabling 2fa for specific Users.
- To disable force two-factor authentication for the specific user, follow these commands:
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
Step 2: Disabling All Enabled 2fa Methods for Specific User.
- If you need to disable all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO), use the following command:
Replace with a username with the user you want to disable.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where username='Administrator'"
All Users
Step 1: Disabling 2fa Methods for ALL USERS.
- To disable 2fa for all users, run the following command:
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where < name='enable_access_keyword' OR name='enable_google_authenticator' OR name='enable_yubikey' OR name='enable_duo'>"
- To clear 2fa for all users, run the following command. (Based on which 2fa you need to disable use the abbreviation accordingly)
All Users need to reconfigure after any 2FA authentication has been disabled for all users.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0"
1. Disabling Raduis 2fa Methods for all users.
- To disable Radius two-factor authentication for all users, run the following command.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where name='enable_radius_2fa'"
ALL USER GROUP.
1. Disabling Enabled 2fa Methods for all user group.
- To disable Force two-factor authentication ( 2FA ) for All user group, run the following command.
root@jumpserver:~#php /usr/local/ezlogin/ez_queryrunner.php " update prefix_usergroups SET force_tfa = 'N'"
INDIVIDUAL USER GROUP.
1. Disabling Enabled 2fa Methods for individual user group.
- To disable Force two-factor authentication ( 2FA ) for Individual user group, run the following command.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php " update prefix_usergroups SET force_tfa = 'N' where name = 'usergroup_name'"
Note: Replace the 'usergroup_name' with your user group .
For Ezeelogin Version 6 and below.
1. Find the database name and database prefix from /usr/local/etc/ezlogin/ez.conf in the Ezeelogin gateway server.
root@jumpserver:~# cat /usr/local/etc/ezlogin/ez.conf
system_folder /var/www/ezlogin/
force_https yes
uri_path /
db_host localhost
db_port /var/run/mysqld/mysqld.sock
db_name ezlogin_por
db_user ezlogin_cxy
db_pass ymhbtPaY)VzD2g]84
db_prefix casmbn_
cookie_encryption_key D8$Frp5fF_FF
cookie_name rlbup
cookie_path /
www_folder /var/www/html/ezlogin/
admin_user ezadmin
mysql_encrypt no
2. Login to MySQL command prompt.
NOTE: Replace the placeholders "db_user" and "db_name" with the corresponding values found in the configuration file located at /usr/local/etc/ezlogin/ez.conf on your Ezeelogin jump server. You can locate the database password under the identifier "db_pass" within the same configuration file.
root@jumpserver:~# mysql -u db_user -p db_name
3. Run the following command to disable two-factor authentication ( 2FA ) for the admin user
Note: Replace " dbprefix_" with the value of dbprefix_ in /usr/local/etc/ezlogin/ez.conf of your Ezeelogin jump server. For example " dbprefix_settings " is to be replaced with " casmbn_settings " here.
UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;
UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1;
4. Run the following command to disable two-factor authentication ( 2FA ) for all users.
UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;
Note: You have to use the correct db_name and dbprefix from ez.conf if you are running the MySQL commands manually.
Related Articles: