The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Two Factor Authentication

Discussion in 'Security' started by LukeDouglas, Feb 16, 2016.

  1. LukeDouglas

    LukeDouglas Member

    Joined:
    Nov 22, 2010
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    I'm curious to know if anyone has encountered any problems with enabling two-factor authentication on their WHM for cPanel access by customers. Also, does this inhibit the use of Filezilla FTP?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    We don't have any open cases for issues with this feature. It's designed for the login interface of cPane/WHM, and does not apply to the FTP service.

    Thank you.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Working for me perfectly so far. I like having it enabled most of the time. There are those days I'm jumping in and out of WHM for some reason and having to add a number each time is a pain. I can live with that. Still, it might be nice to have it remember me for a period of time. For instance these forums have 2FA enabled. When you use it you can enable it to remember for 30 days.

    Someone should post a new Feature Request for that. :cool:
     
  4. LukeDouglas

    LukeDouglas Member

    Joined:
    Nov 22, 2010
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    OK. I found a link and have it setup / working on WHM as well as my own cPanel. However, it appears that you can only setup one two-factor authentication on each cPanel. Is that correct? The reason I feel you need the ability to add two different authentication is in the event that your phone is stolen or lost. If that situation happened, what would be your recovery options?
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  6. LukeDouglas

    LukeDouglas Member

    Joined:
    Nov 22, 2010
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    Infopro,

    I know how to remove it. :)

    My question was concerning having multiple two-factor authentications. I manage all of my clients websites. However, some of them do log into the cPanel to check logs and manage email accounts. If I have two-factor authentication setup on cPanel with my Google Authenticator, how can they log in if they are not setup for Google Authentication?
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    A smart phone application is required, as documented here:

    cPanel Two-Factor Authentication - Documentation - cPanel Documentation

    Thank you.
     
  8. LukeDouglas

    LukeDouglas Member

    Joined:
    Nov 22, 2010
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    cPanelMichael,

    As the warden said in "Cook Hand Luke", "What we have here is a failure to communicate!".

    I know how to setup two-factor authentication as I've been using it for years. I followed the previous link, enabled it for WHM/cPanel, set it up on my WHM panel, tested and works, set it up on my own website cPanel, tested and works, both with my Google Authenticator on my 'smart' phone.

    So let's get that out of the way.

    My question was very clear. I will typically have two people able to access the cPanel. My client and me. However, I see no setup to allow multiple two-factor authentication like I have with Joomla where some administrator panel users can have two-factor enabled but front-end access does not require it.

    So by your response, "Are you saying that all anyone needs is a Google Authenticator to use the two-factor for a single cPanel setup?". I don't think that will work because my Google Authenticator is 'linked' to the cPanel two-factor setup and not my clients Google Authenticator.

    So back to my question, "How can both my client and I use two-factor authentication on a cPanel?".

    You probably have a simple answer which will make me feel like a simpleton but I would like a clear answer anyway. :)
     
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Are you saying you login using their account details? Sounds like a lot of logins to remember.

    With a cPanel account setup for 2FA to that user who owns it, and my Reseller's cPanel account that owns all accounts under him, having his 2FA setup for him (done from in WHM), and the option in Tweak Settings: "Accounts that can access a cPanel user account" set to permit: Account-Owner and cPanel User Only

    I am able to access that user's cPanel account via that Reseller's cPanel > Dashboard > Switch Account

    2FA is not used for Switch Account tool.
     
  10. LukeDouglas

    LukeDouglas Member

    Joined:
    Nov 22, 2010
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    infoPro,

    No. There is one login for every cPanel that I manage.

    I went to the link you outlined and there is no 'Switch Account' option, only a 'Switch Theme' which I'm pretty sure you were not referring to. In my WHM / Server Configuration / Tweak Settings, Accounts that can access a cPanel user account is set to 'Root, Account-Owner, and cPanel User' which is the default.

    - Please attach images to your posts -

    So why am I not getting a 'Switch Account' option?
     
    #10 LukeDouglas, Feb 18, 2016
    Last edited by a moderator: Feb 18, 2016
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You have to login to cPanel using the "root" or "reseller" password, with the account username. Thus, you won't have to disable or modify the authentication details for the individual user.

    Thank you.
     
  12. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    My Reseller has his own cPanel account, I log in to that first and then can visit all accounts owned by that Reseller via Switch Account.
     
  13. LukeDouglas

    LukeDouglas Member

    Joined:
    Nov 22, 2010
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    InfoPro and cPanelMichael,

    I logged into my cPanel directly for my root domain account, went to the dashboard and there was no 'Switch Account'. So I logged into my WHM, went to list accounts, clicked the cPanel link for my root domain account, went to the dashboard and there it was 'Switch Account'. To be honest, I had been using the original template, now called 'Retro' which does not have the 'Switch Account' feature. Now that I have moved to the Paper Lantern on all of my clients cPanel, it does display if I go in via my WHM panel, even on other clients cPanels, not just the root. Nice to know. Now I can just log into a cPanel via WHM and change the cPanel account to whatever client I'm working on while still having their own 2FA setup. Very Nice!!! :)

    Thanks for explaining this. Even old dog's can learn new tricks. ;)

     
  14. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,468
    Likes Received:
    196
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Great news then! Happy to help.
     
Loading...

Share This Page