Clear two factor authentication

How to reset Google authenticator, DUO, Yubikey, Access keyword, Radius and FIDO2 two factor authentication (2FA) secrets for the gateway user?


Synopsis: This article will help Ezeelogin admin users to reset Google authenticator, DUO, Yubikey, Access keyword, Radius and FIDO2 two-factor authentication (2FA) secrets for the gateway user when the user is locked out or has forgotten their 2FA.



Prompt for 2FA when a user tries to log in to the GUI:


If the gateway user has admin privileges, they can click on the reset password icon, enable "Clear Two-Factor Authentication Secret," and then save the changes.

The gateway user can now log in without being asked for 2FA if 2FA is not enforced; otherwise, the user would be prompted to set up 2FA again.

How to reset Google Authenticator code individually?

Individual users can log into the GUI, navigate to Account -> Google Authenticator -> Reset to reset the Google Authenticator code.


Note: Emergency CLI Method

For Ezeelogin Version 7 and above:

1. To disable two-factor authentication (2FA) for the admin user, run the following commands.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1"

2. To disable two-factor authentication (2FA) for all users, run the following command.

root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0" 

Abbreviations:
   eak     = Access Keyword
   eyk     = Yubikey
   egs     = Google Authenticator
   set_duo = DUO 2FA

Note: Emergency CLI Method

For Ezeelogin Version 6 and below:

Note:

The user needs to provide the correct db_name and db_prefix from ez.conf to run the MySQL commands manually.

1. Find the database name and database prefix in /usr/local/etc/ezlogin/ez.conf on the Ezeelogin gateway server.

root@jumpserver:~# cat /usr/local/etc/ezlogin/ez.conf | grep -i "db_name\|db_user\|db_pass\|db_prefix"

db_name ezlogin_por

db_user ezlogin_cxy

db_pass ymhbtPaY)VzD2g]84

db_prefix casmbn_

2. Log in to the MySQL command prompt.

Note:

Replace "db_user", "db_name" and "db_pass" with the values in /usr/local/etc/ezlogin/ez.conf on the Ezeelogin jump server.

root@jumpserver:~# mysql -u db_user -p db_name

3. Run the following commands to clear two-factor authentication (2FA) for the admin user.

Note:

Replace "dbprefix_" with the value of db_prefix from /usr/local/etc/ezlogin/ez.conf on the Ezeelogin jump server.

Example: "dbprefix_settings" is to be replaced with "casmbn_settings".

mysql> UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;

mysql> UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1;

4. Run the following command to clear two-factor authentication (2FA) for all users.

mysql> UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;
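
The prefix substitution from steps 1 and 3 can be scripted so that a single user is cleared instead of every account. This is an added example, not Ezeelogin's own tooling: the function names, the column aliases in the SELECT and the use of a user id other than 1 are assumptions. It reads only db_prefix from ez.conf, so db_pass is never printed, and it prints the statements for review instead of running them.

```shell
#!/bin/sh
# Added example (not part of Ezeelogin). Builds the Version 6 statements
# for one user from ez.conf, which holds "key value" pairs as listed in step 1.

# conf_value FILE KEY: print the value stored for KEY in ez.conf.
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# build_clear_2fa_sql FILE USER_ID: print the SQL that clears 2FA for one user.
build_clear_2fa_sql() {
    conf=$1
    uid=$2
    prefix=$(conf_value "$conf" db_prefix)

    # Accept only a plain identifier and a numeric id, so neither value
    # can change the shape of the statement.
    case $prefix in
        ''|*[!A-Za-z0-9_]*) echo "bad db_prefix in $conf" >&2; return 1 ;;
    esac
    case $uid in
        ''|*[!0-9]*) echo "user id must be numeric" >&2; return 1 ;;
    esac

    # First statement: show which factors are set before touching them
    # (aliases are illustrative). Second: the per-user UPDATE from step 3.
    printf 'SELECT id, egs IS NOT NULL AS google_auth, eak IS NOT NULL AS access_keyword, eyk IS NOT NULL AS yubikey, set_duo FROM %susers WHERE id=%s;\n' "$prefix" "$uid"
    printf 'UPDATE %susers SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0 WHERE id=%s;\n' "$prefix" "$uid"
}

# Constructed sample ez.conf, using the values from the listing in step 1
# with db_pass left out.
sample_conf() {
    printf 'db_name ezlogin_por\ndb_user ezlogin_cxy\ndb_prefix casmbn_\n'
}

# Demo run against the constructed sample; on a gateway, pass
# /usr/local/etc/ezlogin/ez.conf instead and paste the output at the
# mysql> prompt from step 2.
demo_conf=$(mktemp)
sample_conf > "$demo_conf"
build_clear_2fa_sql "$demo_conf" 1
rm -f "$demo_conf"
```

The example leaves the two_factor_auth row in the settings table untouched, so it only removes the stored secrets for the chosen user.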

