Two Factor Authentication
In this blog, I will explain how to set up Two Factor Authentication on your server and for your user account, so that it is required to log in to WHM.
Two Factor Authentication requires you to use two methods to prove your identity in order to log in to WHM. The first is your account and password. The second is a code from an application on your smartphone. This way, if someone hacks or guesses your password, they still can’t get in unless they have your smartphone.
Quick!! Where is your smartphone? There is one!!
The more important thing that I need to tell you about Two Factor Authentication is that it not only affects logins through the WHM and cPanel interfaces, it also affects authentication to our API.
This impacts some of the applications and plugins that third-party integrators have developed for cPanel and WHM. In cPanel and WHM version 54 we have hidden the Two Factor Authentication interfaces. However, if you have a standard cPanel and WHM installation, without any third-party integration or API customization, it should be safe for you to enable Two Factor Authentication. Connect to your server via SSH as the root user and run the following command:
touch /var/cpanel/enable_twofactor_ui && /usr/local/cpanel/whostmgr/docroot/themes/x/rebuildtmpl
Now that you are ready, let’s continue!
First, let’s install the application on your smartphone. This will generate the code that you need for your server. There are several to choose from: Google Authenticator, Duo Mobile, Authenticator. I will use Google Authenticator.
Let’s go ahead and log in to WHM to set this thing up.
Here we are in the WHM interface.
Let’s scroll down to the “Security Center” and click “Two Factor Authentication”. The Two Factor Authentication interface appears.
The system automatically configures the issuer text box with your hostname. Two Factor Authentication is currently disabled, so let’s click Enable. A confirmation message will appear. To begin, click the “Manage My Account” tab and then click Set Up Two Factor Authentication. The interface will display a QR code. Scan that with your smartphone’s camera. If that doesn’t work, enter the account and key information into your smartphone application.
Your smartphone application should now display a 6-digit security code. Enter this security code into the security code text box in WHM and click Configure Two Factor Authentication. A confirmation message will appear.
Let’s log out of WHM and test this. Enter your username and password and click login to WHM.
The server now wants us to enter a 6-digit security code. Now open the Two Factor Authentication application on your phone and get the code. It’s different from the one we used when we configured Two Factor Authentication, because the code changes every few seconds.
Then enter that code in the 2FA login interface and click Continue, and we are in the WHM interface.
To remove Two Factor Authentication from our account, let’s scroll down to “Security Configuration” and click Two Factor Authentication. The Two Factor Authentication interface appears. Click the “Manage My Account” tab. Click Remove Two Factor Authentication and confirm that you want to remove it.
A confirmation message will appear.
You no longer need the Two Factor Authentication code or application to log in to WHM.
cPanel users can use Two Factor Authentication to log in to cPanel, but we will cover that in another blog.
You can manage Two Factor Authentication for the users on your server with the Manage Users tab. You might need to do this if your customer loses a smartphone and you can confirm that it’s them that needs to get into the account. We can see that the user example has Two Factor Authentication on their account. To disable Two Factor Authentication for them, let’s click Disable and click to confirm that we wish to disable Two Factor Authentication for the example user, and done. To disable Two Factor Authentication on the server, click the ‘On’ switch and a confirmation message will appear.