How to reset Google authenticator, DUO, Yubikey, Access keyword, Radius and FIDO2 two factor authentication (2FA) secrets for the gateway user?
Synopsis: This article will help Ezeelogin admin users to reset Google authenticator, DUO, Yubikey, Access keyword, Radius and FIDO2 two-factor authentication (2FA) secrets for the gateway user when the user is locked out or has forgotten their 2FA.
![](https://www.ezeelogin.com/kb/assets/img_6672a1326546a.png)
Prompt for 2FA when a user tries to log in to the GUI:
![](https://www.ezeelogin.com/kb/assets/img_6672a1673cd79.png)
If the gateway user have admin privileges, they can click on the reset password icon, enable "Clear Two-Factor Authentication Secret," and then save the changes.
![](https://www.ezeelogin.com/kb/assets/img_666bf4b297f10.png)
How to reset Google Authenticator code individually?
Individual users can log into the GUI, navigate to Account -> Google Authenticator -> Reset to reset the Google Authenticator code.
![](https://www.ezeelogin.com/kb/assets/img_666bf69c14806.png)
Note: Emergency CLI Method
For Ezeelogin Version 7 and above:
1. To disable two-factor authentication ( 2FA ) for the admin user, run the following commands.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_settings SET value = 0 WHERE name = 'two_factor_auth'"
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1"
2. To disable two factor authentication ( 2FA ) for all users, run the following command.
root@jumpserver:~# php /usr/local/ezlogin/ez_queryrunner.php "update prefix_users set egs=NULL,eak=NULL,eyk=NULL,set_duo=0"
Abbreviations:
eak = Access Keyword
eyk = Yubikey
egs = Google Authenticator
set_duo = DUO 2FA
Note: Emergency CLI Method
For Ezeelogin Version 6 and below:
User need to provide the correct db_name and dbprefix from ez.conf to run the MySQL commands manually.
1. Find database name and database prefix from /usr/local/etc/ezlogin/ez.conf from Ezeelogin gateway server.
root@jumpserver:~# cat /usr/local/etc/ezlogin/ez.conf | grep -i "db_name\|db_user\|db_pass\|db_prefix"
db_name ezlogin_por
db_user ezlogin_cxy
db_pass ymhbtPaY)VzD2g]84
db_prefix casmbn_
2. Log in to MySQL command prompt
Replace the "db_user", "db_name" and "db_pass" with values in /usr/local/etc/ezlogin/ez.conf from the Ezeelogin jump server.
root@jumpserver:~# mysql -u db_user -p db_name
3. Run the following command to clear the two-factor authentication ( 2FA ) for the admin user.
Replace "dbprefix_" with the value of dbprefix_ from /usr/local/etc/ezlogin/ez.conf from the Ezeelogin jump server.
Example: "dbprefix_settings" is to be replaced with "casmbn_settings".
mysql> UPDATE dbprefix_settings SET value = 0 WHERE name = 'two_factor_auth' ;
mysql> UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0 where id=1;
4. Run the following command to clear the two-factor authentication ( 2FA ) for all users.
mysql> UPDATE dbprefix_users SET egs=NULL,eak=NULL,eyk=NULL,set_duo=0;
Related Articles:
Enable/Disable 2FA [Two Factor Authentication] on Ezeelogin
How to enforce 2 Factor Authentication on user login?
How to disable 2FA from Ezeelogin GUI?
Disable two factor authentication from backend