Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Questions about enabling Two-Factor Authentication

Discussion in 'Security' started by FrankP, Mar 5, 2019.

  1. FrankP

    FrankP Registered

    Joined:
    Mar 5, 2019
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Trois-Rivières, Canada
    cPanel Access Level:
    Root Administrator
    Hello,

    I was looking forward enabling 2FA for some accounts on my WHM server, i created accounts by creating domains such as username.user because in the documentation about creating a domainless user there was a warning discouraging people from creating those for administrator accounts as it may break something so i am unsure it was appliable for what i wanted to do so enlightenment on this matter would be appreciated but my main question was :

    On this page Two-Factor Authentication for WHM - Version 74 Documentation - cPanel Documentation

    There is a warning telling :
    Warning:

    This feature may cause some third-party applications to break significantly, and may cause applications to improperly store data.

    I wanted to know if turning on 2fa and enabling it only on my username.user accounts could potentially present any risks for my other account's websites.
    Also, can I enable 2FA on my root account and what would be my strategy if it's 2nd factor was to break? Can other accounts deactivate 2fa for root?

    Thank you very much for your time.
    If something is unclear feel free to try and reform my question as english is not my first language.
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,002
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @FrankP,

    Two Factor Authentication is only applicable with cPanel and WHM logins at this time. It's not enforced when logging in to other services (e.g. SSH, FTP). Enabling it will not restrict access to individual websites served via Apache.

    You could access the server via SSH as root and disable 2FA using the command below:

    Code:
    whmapi1 twofactorauth_disable_policy
    Let me know if you have any additional questions.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. FrankP

    FrankP Registered

    Joined:
    Mar 5, 2019
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Trois-Rivières, Canada
    cPanel Access Level:
    Root Administrator
    @cPanelMichael
    Thank you, So i guess activating the 2FA for the root account isnt really giving an additionnal layer of security unless SSH was only possible from some IPs then?
     
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,002
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @FrankP,

    It adds an additional layer of security to cPanel & WHM access attempts, but it's not applicable to SSH. If you'd like to secure SSH, check out the tips on the document below:

    How to Secure SSH - cPanel Knowledge Base - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. xxwillc

    xxwillc Registered

    Joined:
    Mar 7, 2019
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Montreal
    cPanel Access Level:
    Website Owner
    Hi new to the forum here

    I had 2fa on whm tried to disabled it by ssh

    mv -v /var/cpanel/authn/twofactor_auth/tfa_userdata.json{,.bak}; echo ‘{}’ >> /var/cpanel/authn/twofactor_auth/tfa_userdata.json

    now i'm stuck with err500
     
  6. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,002
    Likes Received:
    2,123
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @xxwillc,

    You can run the following command to disable two-factor authentication:

    Code:
    whmapi1 twofactorauth_disable_policy
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice