Disable two factor authentication from backend
How do I disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for admin and other users?
Overview: This article describes how to disable Two Factor Authentication (Google, Yubikey, Access Keyword, DUO) for admin and other users in Ezeelogin Version 7 and above and Ezeelogin Version 6 and below, using specific commands through the terminal.
In Ezeelogin Version 7 and higher, managing two-factor authentication (2FA) settings for admin users involves executing specific commands through the terminal. This guide provides step-by-step instructions on how to disable 2FA for both the admin user and all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO).
For Ezeelogin Version 7 and above.
1. Disable force 2fa.
Step 1(A): To disable force two-factor authentication for the admin user, follow these commands:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
2. Clearing enabled 2fa methods.
Step 2(A): If you need to disable enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO), use the following command:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1"
To clear specific 2fa, run the following command. (Based on which 2fa you need to disable use the abbreviation accordingly)
Note the Abbreviations :
egs= Google Authenticator
eyk= Yubikey
eak = Access Keyword
set_duo = DUO 2fa
Clearing specifically enabled 2fa's.
1. Clearing DUO.
To clear DUO alone for admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set set_duo=0 where id=1"
2. Clearing Google auth.
To clear Google auth alone for admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL where id=1"
3.Clearing Access Keyword.
To clear the access keyword alone for the admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eak=NULL where id=1"
4. Clearing Yubikey.
To clear Yubikey alone for admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set eyk=NULL where id=1"
5. Clearing Fido2.
To clear Fido2 alone for admin users run the following command :
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "delete from prefix_user_fido2 WHERE user_id = '1'"
For Specific Users
3. Clearing 2fa for specific Users.
Step 3(A): To clear force two-factor authentication for the specific user, follow these commands:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
4. Clearing enabled 2fa Methods for Specific User.
Step 4(A): If you need to clear all enabled 2FA methods (Google Authenticator, Yubikey, Access Keyword, DUO), use the following command:
Replace with a username with the user you want to disable.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where username='tom'"
For All Users
5. Disabling 2fa methods for all users.
Step 5(A): To disable 2fa for all users, run the following command:
Run the below command to clear force 2fa:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
Run the below command to disable 2fa for all gateway users:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where < name='enable_access_keyword' OR name='enable_google_authenticator' OR name='enable_yubikey' OR name='enable_duo' OR name='enable_fido2'>"
Step 5(B): To clear 2fa for all users, run the following command. (Based on which 2fa you need to disable use the abbreviation accordingly)
Note that all gateway users need to reconfigure after any 2FA authentication has been disabled for all users.
Run the below command to clear force 2fa:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
Run the below command to clear 2fa for all users:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0"
6. Disabling radius 2fa method for all users.
Step 6(A): To disable Radius two-factor authentication for all users, run the following command.
Run the below command to clear force 2fa:
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
Run the below command to disable Radius 2fa method.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings set value='N' where name='enable_radius_2fa'"
For all user group
7. Clearing force 2fa for all user groups.
Step 7(A):To clear Force two-factor authentication ( 2FA ) for All user groups, run the following command.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php " update prefix_usergroups SET force_tfa = 'N'"
Individual user group
8. Clearing enabled 2fa methods for individual user group.
Step 8(A): To clear Force two-factor authentication ( 2FA ) for Individual user group, run the following command. Replace the 'usergroup_name' with your user group.
root@gateway:~# php /usr/local/ezlogin/ez_queryrunner.php " update prefix_usergroups SET force_tfa = 'N' where name = 'usergroup_name'"
For Ezeelogin Version 6 and below.
9. For Ezeelogin Version 6 and below:
Step 9(A): Find the database name and database prefix from /usr/local/etc/ezlogin/ez.conf in the Ezeelogin gateway server.
root@gateway:~# cat /usr/local/etc/ezlogin/ez.conf
system_folder /var/www/ezlogin/
force_https yes
uri_path /
db_host localhost
db_port /var/run/mysqld/mysqld.sock
db_name ezlogin_por
db_user ezlogin_cxy
db_pass ymhbtPaY)VzD2g]84
db_prefix casmbn_
cookie_encryption_key D8$Frp5fF_FF
cookie_name rlbup
cookie_path /
www_folder /var/www/html/ezlogin/
admin_user ezadmin
mysql_encrypt no
Step 9(B): Login to MySQL command prompt. Replace the placeholders "db_user" and "db_name" with the corresponding values found in the configuration file located at /usr/local/etc/ezlogin/ez.conf on your Ezeelogin jump server. You can locate the database password under the identifier "db_pass" within the same configuration file.
root@gateway:~# mysql -u db_user -p db_name
Step 9(C): Run the following command to disable two-factor authentication ( 2FA ) for the admin user. Replace "dbprefix_" with the value of dbprefix_ in /usr/local/etc/ezlogin/ez.conf of your Ezeelogin jump server. For example " dbprefix_settings " is to be replaced with " casmbn_settings " here.
UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;
UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=NULL where id=1;
Step 9(D): Run the following command to disable two-factor authentication ( 2FA ) for all users.
UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;
You have to use the correct db_name and dbprefix from ez.conf if you are running the MySQL commands manually.