How to disable 2FA aka 2 Factor Authentification

Original thanks to @land12 for method in: https://forums.cyberpanel.net/discussion/comment/11902/#Comment_11902

Below is reusable way to do this for the main administrator with an id of 1

How to disable it
PASSWORD=$(cat /etc/cyberpanel/mysqlPassword);
DB_NAME=“cyberpanel”;
mysql -uroot -p${PASSWORD} “${DB_NAME}” -e “UPDATE loginSystem_administrator SET twoFA = ‘0’ WHERE id = 1;”

How to check if its enabled:
PASSWORD=$(cat /etc/cyberpanel/mysqlPassword);
DB_NAME=“cyberpanel”;
mysql -uroot -p${PASSWORD} “${DB_NAME}” -e “SELECT twoFA FROM loginSystem_administrator WHERE id = 1;”

Example:
root@server:~# PASSWORD=$(cat /etc/cyberpanel/mysqlPassword);
root@server:~# DB_NAME=“cyberpanel”;
root@server:~# mysql -uroot -p${PASSWORD} “${DB_NAME}” -e “SELECT twoFA FROM loginSystem_administrator WHERE id = 1;”
±------+
| twoFA |
±------+
| 0 |
±------+
root@server:~#

Also requested that the official documentation is updated to reflect how to do this as it seems to be coming up alot lately.
https://cyberpanel.net/docs/two-factor-authentication-in-cyberpanel/

1 Like

Thanks alot, but i have same issue, i check if enabled but I didn’t know what that mean
±------+
| twoFA |
±------+
| 0 |
±------+
I still can’t access our panel

como eu encontro o meu id?

Why I get Google 2FA activated after I install cyberpanel?
what SSH command to remove this feature from my server?

HELP CENTOS 7 2FA DISABLE CODE SSH

1 Like

its a big problem
we cannot login to the control panel, we didn’t enable 2FA, why its automatically enabled when login?

Type your coI did this:
Go to the Security Basics page and log in to your Microsoft account.
Select Advanced Security Settings.
For the second-step verification, select Set to two-step verification to enable it, or select Disable two-step verification to enable it to disable it .

Type your comment> @samysalahgad said:

its a big problem
we cannot login to the control panel, we didn’t enable 2FA, why its automatically enabled when login?

Yes, I also got the same error, I didn’t enable Google 2FA but they automatically enabled, and now I can’t login dc Panel. Do you have any solution?

One of our clients reports the same issue since today. Above fix in the DB does not work, because twoFA field is already 0:

MariaDB [cyberpanel]> SELECT twoFA FROM loginSystem_administrator WHERE id = 1
→ ;
±------+
| twoFA |
±------+
| 0 |
±------+
1 row in set (0.001 sec)

To be sure and stupid, I ran the script:
UPDATE loginSystem_administrator SET twoFA = ‘0’ WHERE loginSystem_administrator.id = 1;
Query OK, 0 rows affected (0.001 sec)
Rows matched: 1 Changed: 0 Warnings: 0

and after:
systemctl restart lscpd

Also did a yum update to make sure I use the most recent versions and changed the admin pass.

Still the 2FA field…

i hope this can help;
open with new browser (different with your daily browser) and open 8090 in browser
if it’s pop google auth field then delete your browser history (ctrl+shif+del if you use chrome and firefox) and choose everything. close your 8090 page and the re open. the google auth magically disappear … it’s work for me… not use the DB injection

1 Like

@bgxerjoe said:
i hope this can help;
open with new browser (different with your daily browser) and open 8090 in browser
if it’s pop google auth field then delete your browser history (ctrl+shif+del if you use chrome and firefox) and choose everything. close your 8090 page and the re open. the google auth magically disappear … it’s work for me… not use the DB injection

Yes, did it for me! Thank you.

Yesterday this error came due to Fastly CDN being down.

  1. Go to the Security basics page and sign in with your Microsoft account.
  2. Select More security options.
  3. Under Two-step verification, choose Set up two-step verification to turn it on, or choose
    Turn off two-step verification to turn it off.
  4. Follow the instructions.

I used vpn to enter the admin panel, it helped me

I’m also facing the same issue, it’s not possible to access on the first log in with 2 factor authenticator, it’s funny, after the fresh installation could not log in, if can not log in, then could not white list the SSH port, then SSH could not work

I can’t access my SSH now, because after the installation need go inside the panel to allow thee SSH port, did you fixed this issue?

Can you remove this comment, this topic nothing related to Microsoft account

I followed it but it didn’t change someone help me

Yesterday this metod worked for me , but now it’s not working
This is what happen when I uesd the command

root@myserver:~# PASSWORD=$(cat /etc/cyberpanel/mysqlPassword);
root@myserver:~# DB_NAME=“cyberpanel”;
root@myserver:~# mysql -uroot -p${PASSWORD} “${DB_NAME}” -e “SELECT twoFA FROM loginSystem_administrator WHERE id = 1;”
mysql  Ver 15.1 Distrib 10.3.34-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Usage: mysql [OPTIONS] [database]

Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf ~/.my.cnf
The following groups are read: mysql client client-server client-mariadb
The following options may be given as the first argument:
--print-defaults          Print the program argument list and exit.
--no-defaults             Don't read default options from any option file.
The following specify which files/extra groups are read (specified before remaining options):
--defaults-file=#         Only read default options from the given file #.
--defaults-extra-file=#   Read this file after the global files are read.
--defaults-group-suffix=# Additionally read default groups with # appended as a suffix.

  -?, --help          Display this help and exit.
  -I, --help          Synonym for -?
  --abort-source-on-error
                      Abort 'source filename' operations in case of errors
  --auto-rehash       Enable automatic rehashing. One doesn't need to use
                      'rehash' to get table and field completion, but startup
                      and reconnecting may take a longer time. Disable with
                      --disable-auto-rehash.
                      (Defaults to on; use --skip-auto-rehash to disable.)
  -A, --no-auto-rehash
                      No automatic rehashing. One has to use 'rehash' to get
                      table and field completion. This gives a quicker start of
                      mysql and disables rehashing on reconnect.
  --auto-vertical-output
                      Automatically switch to vertical output mode if the
                      result is wider than the terminal width.
  -B, --batch         Don't use history file. Disable interactive behavior.
                      (Enables --silent.)
  --binary-as-hex     Print binary data as hex
  --character-sets-dir=name
                      Directory for character set files.
  --column-type-info  Display column type information.
  -c, --comments      Preserve comments. Send comments to the server. The
                      default is --skip-comments (discard comments), enable
                      with --comments.
  -C, --compress      Use compression in server/client protocol.
  -#, --debug[=#]     This is a non-debug version. Catch this and exit.
  --debug-check       Check memory and open file usage at exit.
  -T, --debug-info    Print some debug info at exit.
  -D, --database=name Database to use.
  --default-character-set=name
                      Set the default character set.
  --delimiter=name    Delimiter to be used.
  -e, --execute=name  Execute command and quit. (Disables --force and history
                      file.)
  -E, --vertical      Print the output of a query (rows) vertically.
  -f, --force         Continue even if we get an SQL error. Sets
                      abort-source-on-error to 0
  -G, --named-commands
                      Enable named commands. Named commands mean this program's
                      internal commands; see mysql> help . When enabled, the
                      named commands can be used from any line of the query,
                      otherwise only from the first line, before an enter.
                      Disable with --disable-named-commands. This option is
                      disabled by default.
  -i, --ignore-spaces Ignore space after function names.
  --init-command=name SQL Command to execute when connecting to MySQL server.
                      Will automatically be re-executed when reconnecting.
  --local-infile      Enable/disable LOAD DATA LOCAL INFILE.
  -b, --no-beep       Turn off beep on error.
  -h, --host=name     Connect to host.
  -H, --html          Produce HTML output.
  -X, --xml           Produce XML output.
  --line-numbers      Write line numbers for errors.
                      (Defaults to on; use --skip-line-numbers to disable.)
  -L, --skip-line-numbers
                      Don't write line number for errors.
  -n, --unbuffered    Flush buffer after each query.
  --column-names      Write column names in results.
                      (Defaults to on; use --skip-column-names to disable.)
  -N, --skip-column-names
                      Don't write column names in results.
  --sigint-ignore     Ignore SIGINT (CTRL-C).
  -o, --one-database  Ignore statements except those that occur while the
                      default database is the one named at the command line.
  --pager[=name]      Pager to use to display results. If you don't supply an
                      option, the default pager is taken from your ENV variable
                      PAGER. Valid pagers are less, more, cat [> filename],
                      etc. See interactive help (\h) also. This option does not
                      work in batch mode. Disable with --disable-pager. This
                      option is disabled by default.
  -p, --password[=name]
                      Password to use when connecting to server. If password is
                      not given it's asked from the tty.
  -P, --port=#        Port number to use for connection or 0 for default to, in
                      order of preference, my.cnf, $MYSQL_TCP_PORT,
                      /etc/services, built-in default (3306).
  --progress-reports  Get progress reports for long running commands (like
                      ALTER TABLE)
                      (Defaults to on; use --skip-progress-reports to disable.)
  --prompt=name       Set the mysql prompt to this value.
  --protocol=name     The protocol to use for connection (tcp, socket, pipe,
                      memory).
  -q, --quick         Don't cache result, print it row by row. This may slow
                      down the server if the output is suspended. Doesn't use
                      history file.
  -r, --raw           Write fields without conversion. Used with --batch.
  --reconnect         Reconnect if the connection is lost. Disable with
                      --disable-reconnect. This option is enabled by default.
                      (Defaults to on; use --skip-reconnect to disable.)
  -s, --silent        Be more silent. Print results with a tab as separator,
                      each row on new line.
  -S, --socket=name   The socket file to use for connection.
  --ssl               Enable SSL for connection (automatically enabled with
                      other flags).
  --ssl-ca=name       CA file in PEM format (check OpenSSL docs, implies
                      --ssl).
  --ssl-capath=name   CA directory (check OpenSSL docs, implies --ssl).
  --ssl-cert=name     X509 cert in PEM format (implies --ssl).
  --ssl-cipher=name   SSL cipher to use (implies --ssl).
  --ssl-key=name      X509 key in PEM format (implies --ssl).
  --ssl-crl=name      Certificate revocation list (implies --ssl).
  --ssl-crlpath=name  Certificate revocation list path (implies --ssl).
  --ssl-verify-server-cert
                      Verify server's "Common Name" in its cert against
                      hostname used when connecting. This option is disabled by
                      default.
  -t, --table         Output in table format.
  --tee=name          Append everything into outfile. See interactive help (\h)
                      also. Does not work in batch mode. Disable with
                      --disable-tee. This option is disabled by default.
  -u, --user=name     User for login if not current user.
  -U, --safe-updates  Only allow UPDATE and DELETE that uses keys.
  -U, --i-am-a-dummy  Synonym for option --safe-updates, -U.
  -v, --verbose       Write more. (-v -v -v gives the table output format).
  -V, --version       Output version information and exit.
  -w, --wait          Wait and retry if connection is down.
  --connect-timeout=# Number of seconds before connection timeout.
  --max-allowed-packet=#
                      The maximum packet length to send to or receive from
                      server.
  --net-buffer-length=#
                      The buffer size for TCP/IP and socket communication.
  --select-limit=#    Automatic limit for SELECT when using --safe-updates.
  --max-join-size=#   Automatic limit for rows in a join when using
                      --safe-updates.
  --secure-auth       Refuse client connecting to server if it uses old
                      (pre-4.1.1) protocol.
  --server-arg=name   Send embedded server this as a parameter.
  --show-warnings     Show warnings after every statement.
  --plugin-dir=name   Directory for client-side plugins.
  --default-auth=name Default authentication client-side plugin to use.
  --binary-mode       Binary mode allows certain character sequences to be
                      processed as data that would otherwise be treated with a
                      special meaning by the parser. Specifically, this switch
                      turns off parsing of all client commands except \C and
                      DELIMITER in non-interactive mode (i.e., when binary mode
                      is combined with either 1) piped input, 2) the --batch
                      mysql option, or 3) the 'source' command). Also, in
                      binary mode, occurrences of '\r\n' and ASCII '\0' are
                      preserved within strings, whereas by default, '\r\n' is
                      translated to '\n' and '\0' is disallowed in user input.

Variables (--variable-name=value)
and boolean options {FALSE|TRUE}  Value (after reading options)
--------------------------------- ----------------------------------------
abort-source-on-error             FALSE
auto-rehash                       TRUE
auto-vertical-output              FALSE
binary-as-hex                     FALSE
character-sets-dir                (No default value)
column-type-info                  FALSE
comments                          FALSE
compress                          FALSE
debug-check                       FALSE
debug-info                        FALSE
database                          (No default value)
default-character-set             utf8mb4
delimiter                         ;
vertical                          FALSE
force                             FALSE
named-commands                    FALSE
ignore-spaces                     FALSE
init-command                      (No default value)
local-infile                      FALSE
no-beep                           FALSE
host                              (No default value)
html                              FALSE
xml                               FALSE
line-numbers                      TRUE
unbuffered                        FALSE
column-names                      TRUE
sigint-ignore                     FALSE
port                              0
progress-reports                  FALSE
prompt                            \N [\d]>
quick                             FALSE
raw                               FALSE
reconnect                         FALSE
socket                            /var/run/mysqld/mysqld.sock
ssl                               FALSE
ssl-ca                            (No default value)
ssl-capath                        (No default value)
ssl-cert                          (No default value)
ssl-cipher                        (No default value)
ssl-key                           (No default value)
ssl-crl                           (No default value)
ssl-crlpath                       (No default value)
ssl-verify-server-cert            FALSE
table                             FALSE
user                              root
safe-updates                      FALSE
i-am-a-dummy                      FALSE
connect-timeout                   0
max-allowed-packet                16777216
net-buffer-length                 16384
select-limit                      1000
max-join-size                     1000000
secure-auth                       FALSE
show-warnings                     FALSE
plugin-dir                        (No default value)
default-auth                      (No default value)
binary-mode                       FALSE
”: command not found
root@myserver:~# ±------+
±------+: command not found
root@myserver:~# | twoFA |
-bash: syntax error near unexpected token `|'
root@myserver:~# ±------+
±------+: command not found
root@myserver:~# | 0 |
-bash: syntax error near unexpected token `|'
root@myserver:~# ±------+

I remember I was changed the root password of mysql , but with that password this command not working

Need your help emergency

I have the same issue and same result by using the above mentioned solution.
I am unable to login to my account. Please help me.