Temporarily turn off SSH 2FA
This is probably a pretty easy/stupid question for those who have dealt with it but I'm always wary of screwing around with stuff that can lock me out of a server so I will ask it anyway...
I need to temporarily turn off SSH 2FA so that I can transfer some accounts using the WHM transfer tool.
If I go into sshd_config and set this:
ChallengeResponseAuthentication no
Plus go into pam.d/sshd and comment out the line:
auth required pam_google_authenticator.so nullok
I understand that that will disable 2FA for SSH. However, if once the transfer is completed if I reverse the process and turn those back on will my old code generator on my phone continue to work as it always did or will I have to "resync" it somehow in order to get valid codes?
-
Sorry to bump but does anyone know the answer to this? 0 -
Hello, This is a pretty good idea to have implemented though essentially this is why we use SSH Keys rather than password auth, but because this isn't related to cPanel software it's more of an OS level implementation. There are a ton of tutorials on how to do this including a great one from Digital Ocean here: 0 -
I know how to turn it on. I also know how to turn it off. I've read through all the tutorials out there about this but none of them answer the basic question I was asking... If I temporarily turn it off and then turn it back on do I have to set up my authenticator app all over again with a new code? 0
Please sign in to leave a comment.
Comments
3 comments