[SOLVED] Remove OTP Authentication via SSH

Alvks

New Member
Jun 1, 2019
20
1
1
30
I tried following the last section here: https://pve.proxmox.com/wiki/OATH(TOTP)_Authentication#Disabling_OATH_2FA_authentication

Unfortunately, the /etc/pve/domains.cfg file does NOT even exist on my server. How can I disable this via SSH? I lost my phone that had the Google Authenticator app keys.

EDIT: This has been solved with the help of Vladimir Bulgaru. We ended up creating a new admin user via SSH, used that account to log into the web interface (no 2FA needed since it was only enabled on root), then turned off 2FA on root.
 
Last edited:
  • Like
Reactions: PJBear
Should be there, though.
Are you sure you're logged into Proxmox and not a guest VM?
The file with TFA looks like this:
Code:
pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
        tfa type=oath
You need to have it like this:
Code:
pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
If you are certain that you're connected to Proxmox and the directory is not empty by checking:
Code:
ls -l /etc/pve
then you can create the file and edit it:
Code:
touch /etc/pve/domains.cfg && nano /etc/pve/domains.cfg
by copying the content from above and saving. You may need to reboot the OS after.
 
Should be there, though.
Are you sure you're logged into Proxmox and not a guest VM?
The file with TFA looks like this:
Code:
pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
        tfa type=oath
You need to have it like this:
Code:
pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
If you are certain that you're connected to Proxmox and the directory is not empty by checking:
Code:
ls -l /etc/pve
then you can create the file and edit it:
Code:
touch /etc/pve/domains.cfg && nano /etc/pve/domains.cfg
by copying the content from above and saving. You may need to reboot the OS after.

Nope, I am 100% on my Proxmox server. I cannot post what the output of ls -la is because this forum prevents new user spam lol....

I rebooted, opened my Proxmox web interface, and still get asked for an OTP code.
 
I tried following the last section here: https://pve.proxmox.com/wiki/OATH(TOTP)_Authentication#Disabling_OATH_2FA_authentication

Unfortunately, the /etc/pve/domains.cfg file does NOT even exist on my server. How can I disable this via SSH? I lost my phone that had the Google Authenticator app keys.

EDIT: This has been solved with the help of Vladimir Bulgaru. We ended up creating a new admin user via SSH, used that account to log into the web interface (no 2FA needed since it was only enabled on root), then turned off 2FA on root.
I am having the exact same issue no Domains.cfg - I am definately on the Proxmox machine - how did you addadd a new admin?
 
I have a question about this topic. I'm testing disabling TOTP 2FA via root@pve (root login boot console) in case TOTP somehow goes wrong. This is on a free test machine. And I didn't find this file "/etc/pve/domains.cfg" where this line " tfa type=oath" should be deleted, is there someone who could spare me a moment or write a way to do the deactivation? Thank you
This is my "ls"
1725432142991.png
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!