Questions about enabling Two-Factor Authentication

FrankP

• March 05, 2019 10:31

Hello, I was looking forward enabling 2FA for some accounts on my WHM server, i created accounts by creating domains such as username.user because in the documentation about creating a domainless user there was a warning discouraging people from creating those for administrator accounts as it may break something so i am unsure it was appliable for what i wanted to do so enlightenment on this matter would be appreciated but my main question was : On this page Two-Factor Authentication for WHM - Version 74 Documentation - cPanel Documentation There is a warning telling : Warning: This feature may cause some third-party applications to break significantly, and may cause applications to improperly store data. I wanted to know if turning on 2fa and enabling it only on my username.user accounts could potentially present any risks for my other account's websites. Also, can I enable 2FA on my root account and what would be my strategy if it's 2nd factor was to break? Can other accounts deactivate 2fa for root? Thank you very much for your time. If something is unclear feel free to try and reform my question as english is not my first language.

• 

  cPanelMichael

  • March 05, 2019 16:52

  Hello @FrankP,

  I wanted to know if turning on 2fa and enabling it only on my username.user accounts could potentially present any risks for my other account's websites.

  
  Two Factor Authentication is only applicable with cPanel and WHM logins at this time. It's not enforced when logging in to other services (e.g. SSH, FTP). Enabling it will not restrict access to individual websites served via Apache.

  Also, can I enable 2FA on my root account and what would be my strategy if it's 2nd factor was to break? Can other accounts deactivate 2fa for root?

  
  You could access the server via SSH as root and disable 2FA using the command below: whmapi1 twofactorauth_disable_policy
  Let me know if you have any additional questions. Thanks!

  0
• 

  FrankP

  • March 05, 2019 18:02

  @cPanelMichael Thank you, So i guess activating the 2FA for the root account isnt really giving an additionnal layer of security unless SSH was only possible from some IPs then?

  0
• 

  cPanelMichael

  • March 05, 2019 18:18

  Thank you, So i guess activating the 2FA for the root account isnt really giving an additionnal layer of security unless SSH was only possible from some IPs then?

  
  Hello @FrankP, It adds an additional layer of security to cPanel & WHM access attempts, but it's not applicable to SSH. If you'd like to secure SSH, check out the tips on the document below: How to Secure SSH - cPanel Knowledge Base - cPanel Documentation Thank you.

  0
• 

  xxwillc

  • March 07, 2019 12:14

  Hi new to the forum here I had 2fa on whm tried to disabled it by ssh mv -v /var/cpanel/authn/twofactor_auth/tfa_userdata.json{,.bak}; echo "{}" >> /var/cpanel/authn/twofactor_auth/tfa_userdata.json now i'm stuck with err500

  0
• 

  cPanelMichael

  • March 07, 2019 16:00

  Hello @xxwillc, You can run the following command to disable two-factor authentication: whmapi1 twofactorauth_disable_policy
  Thank you.

  0

Please sign in to leave a comment.