[SOLVED] Remove OTP Authentication via SSH

A

Alvks

New Member
Jun 1, 2019
20
1
1
30
I tried following the last section here: https://pve.proxmox.com/wiki/OATH(TOTP)_Authentication#Disabling_OATH_2FA_authentication

Unfortunately, the /etc/pve/domains.cfg file does NOT even exist on my server. How can I disable this via SSH? I lost my phone that had the Google Authenticator app keys.

EDIT: This has been solved with the help of Vladimir Bulgaru. We ended up creating a new admin user via SSH, used that account to log into the web interface (no 2FA needed since it was only enabled on root), then turned off 2FA on root.
 
Last edited:
  • Like
Reactions: PJBear
Should be there, though.
Are you sure you're logged into Proxmox and not a guest VM?
The file with TFA looks like this:
Code: 
pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
        tfa type=oath
You need to have it like this:
Code: 
pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
If you are certain that you're connected to Proxmox and the directory is not empty by checking:
Code: 
ls -l /etc/pve
then you can create the file and edit it:
Code: 
touch /etc/pve/domains.cfg && nano /etc/pve/domains.cfg
by copying the content from above and saving. You may need to reboot the OS after.
 
Vladimir Bulgaru said:
Should be there, though.
Are you sure you're logged into Proxmox and not a guest VM?
The file with TFA looks like this:
Code: 
pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
        tfa type=oath
You need to have it like this:
Code: 
pve: pve
        comment Proxmox VE authentication server

pam: pam
        comment Linux PAM standard authentication
        default 1
If you are certain that you're connected to Proxmox and the directory is not empty by checking:
Code: 
ls -l /etc/pve
then you can create the file and edit it:
Code: 
touch /etc/pve/domains.cfg && nano /etc/pve/domains.cfg
by copying the content from above and saving. You may need to reboot the OS after.
Click to expand...

Nope, I am 100% on my Proxmox server. I cannot post what the output of ls -la is because this forum prevents new user spam lol....

I rebooted, opened my Proxmox web interface, and still get asked for an OTP code.
 
Alvks said:
I tried following the last section here: https://pve.proxmox.com/wiki/OATH(TOTP)_Authentication#Disabling_OATH_2FA_authentication

Unfortunately, the /etc/pve/domains.cfg file does NOT even exist on my server. How can I disable this via SSH? I lost my phone that had the Google Authenticator app keys.

EDIT: This has been solved with the help of Vladimir Bulgaru. We ended up creating a new admin user via SSH, used that account to log into the web interface (no 2FA needed since it was only enabled on root), then turned off 2FA on root.
Click to expand...
I am having the exact same issue no Domains.cfg - I am definately on the Proxmox machine - how did you addadd a new admin?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back