2FA - Two-Factor Authentication¶
La autenticación en dos pasos o “Two-Factor Authentication” (2FA) es un mecanismo de protección de acceso al Panel de Control. Como su nombre indica, consiste en la solicitud de una doble autenticación cada vez que accedas al Panel de Control. Para hacer uso de esta funcionalidad vas a necesitar una aplicación móvil de doble autenticación, por ejemplo:
FreeOTP: download on F-droid; download on Google Play; download on App Store (iOS).
andOTP: download on F-droid; download on Google Play.
Aegis Authenticator: download on F-droid; download on Google Play.
Tofu Authenticator: download on App Store (iOS).
Activation¶
To enable Two-Factor Authentication you need to go to the Control Panel and under “System “ > “2FA “ click on “Enable Two-Factor Authentication”. You will then be prompted to scan a QR code (for this you will need one of the apps mentioned above) and indicate the token provided by the app.
Remember that once the double authentication is activated, the smartphone used will be linked to your account and will be the only one that will be able to receive the token to access the Control Panel. In case you lose access to your device, you will also be able to use the “backup tokens” to gain access.
Usage¶
Once the 2FA functionality is activated, every time you want to access the Control Panel you will have to:
First: enter your Control Panel login credentials (as you would normally do).
Secondly: you will be asked for a token (6-digit code) that will be offered by the mobile application you have used to connect to the device.
If you do not have access to this device you will be able to enter a “Backup token”. To obtain the copy of the “Backup tokens” you have to access the Control Panel and in “System” > “2FA”, in the “Backup tokens” section, click on “Show tokens”. If you do not have any backup tokens yet, click on “Generate backup tokens”. Each token is for single use only. Before using them all do not forget to generate a new set.
If you do not have backup tokens or access to the linked device, you can proceed to disable 2FA via command line as explained below.
Disabling¶
From the Control Panel¶
If at any time you want to disable the two-factor authentication functionality you can do so from the Control Panel, under “System” > “2FA”, click on “Disable Two-Factor Authentication”. You will be prompted to confirm your decision.
Using the command line¶
If you do not have access to the Control Panel you will have to access the server via ssh with the Superuser account and execute the following commands:
To access via ssh:
ssh superusuarix@miservidor.maadix.org
Get permissions of Superuser:
sudo su
Log in with Control Panel user:
sudo -u mxcp -s
Go to the Control Panel directory:
cd /usr/share/mxcp/
Activate virtual environment:
source venv3/bin/activate
Go to the directory where the file you need to execute is located:
cd maadix-cpanel
Execute the command for disabling 2FA (replace USER_CPANEL by control panel user):
./manage.py two_factor_disable USER_CPANEL
Deactivate the virtual environment:
deactivate
.Log out:
exit