[SOLVED] Remove OTP Authentication via SSH

[Alvks]

I tried following the last section here: https://pve.proxmox.com/wiki/OATH(TOTP)_Authentication#Disabling_OATH_2FA_authentication

Unfortunately, the /etc/pve/domains.cfg file does NOT even exist on my server. How can I disable this via SSH? I lost my phone that had the Google Authenticator app keys.

EDIT: This has been solved with the help of Vladimir Bulgaru. We ended up creating a new admin user via SSH, used that account to log into the web interface (no 2FA needed since it was only enabled on root), then turned off 2FA on root.

 

[Vladimir Bulgaru]

Should be there, though.
Are you sure you're logged into Proxmox and not a guest VM?
The file with TFA looks like this:

pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
        tfa type=oath

You need to have it like this:

pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1

If you are certain that you're connected to Proxmox and the directory is not empty by checking:

ls -l /etc/pve

then you can create the file and edit it:

touch /etc/pve/domains.cfg && nano /etc/pve/domains.cfg

by copying the content from above and saving. You may need to reboot the OS after.

 

[Alvks]

Should be there, though.
Are you sure you're logged into Proxmox and not a guest VM?
The file with TFA looks like this:

pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
        tfa type=oath

You need to have it like this:

pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1

If you are certain that you're connected to Proxmox and the directory is not empty by checking:

ls -l /etc/pve

then you can create the file and edit it:

touch /etc/pve/domains.cfg && nano /etc/pve/domains.cfg

by copying the content from above and saving. You may need to reboot the OS after.

Nope, I am 100% on my Proxmox server. I cannot post what the output of ls -la is because this forum prevents new user spam lol....

I rebooted, opened my Proxmox web interface, and still get asked for an OTP code.

 

[Vladimir Bulgaru]

Nope, I am 100% on my Proxmox server. I cannot post what the output of ls -la is because this forum prevents new user spam lol....

I rebooted, opened my Proxmox web interface, and still get asked for an OTP code.

If you have Teamviewer, i can have a look.

 

[Alvks]

If you have Teamviewer, i can have a look.

I do have Teamviewer but am not going to be home for a few hours. What is your availability? Do you have Discord? PM me.

 

[PJBear]

I tried following the last section here: https://pve.proxmox.com/wiki/OATH(TOTP)_Authentication#Disabling_OATH_2FA_authentication

Unfortunately, the /etc/pve/domains.cfg file does NOT even exist on my server. How can I disable this via SSH? I lost my phone that had the Google Authenticator app keys.

EDIT: This has been solved with the help of Vladimir Bulgaru. We ended up creating a new admin user via SSH, used that account to log into the web interface (no 2FA needed since it was only enabled on root), then turned off 2FA on root.

I am having the exact same issue no Domains.cfg - I am definately on the Proxmox machine - how did you addadd a new admin?

 

[Inkognitox]

I have a question about this topic. I'm testing disabling TOTP 2FA via root@pve (root login boot console) in case TOTP somehow goes wrong. This is on a free test machine. And I didn't find this file "/etc/pve/domains.cfg" where this line " tfa type=oath" should be deleted, is there someone who could spare me a moment or write a way to do the deactivation? Thank you
This is my "ls"