Can't access security code to log into WHM

Linode Staff

I no longer have the phone I used for my 2FA security codes, and now I can't access WHM. Is there a way to reset or disable 2FA so I can login?

1 Reply

Two-factor authentication can be disabled via the command line using the WHM API 1 interface. Alternatively you can locate the secret key and configure the new phone without making changes to your settings in WHM. I'll demonstrate both methods.

WHM API 1 Interface:

Login via SSH, either as root or a user with sudo privileges:

$ ssh user@$IPADDRESS$

Make the call to disable the 2FA policy:

whmapi1 twofactorauth_disable_policy
---
metadata:
  command: twofactorauth_disable_policy
  reason: OK
  result: 1
  version: 1

Secret Key:

Locate the JSON file that contains your 2FA secret. Manually enter this key into the authentication app on your new phone. This is my preferred method, as it restores access without ever disabling 2FA.

cat /var/cpanel/authn/twofactor_auth/tfa_userdata.json
{"root":{"secret":"$SECRETKEY$"}}

You should be all set from here!

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct