题
I have Webmin installed on 5 or 6 servers but a few months back decided to install two-factor authentication for logging into Webmin using Google Authenticator app on my phone.
To my surprise, I lost all my tokens in the Google Authenticator app when I changed phones. This actually happen to me twice. I have rebuilt everything everywhere else but can no longer log into Webmin on this one server.
I tried searching Google to death but no answers. I tried uninstalling Webmin and re-installing using RPM.
After re-installing Webmin it just keeps the same settings which means I still need the Google Auth token which is no longer on my phone.
Any ideas?
Should I try to break the Oauth module I think it needs to work or will this cause me more problems?
解决方案 2
Even Simpler Fix:
0:0:totp:HBL7W4RTG8T6FG8W:
The "HBL7W4RTG8T6FG8W" between the colons is your KEY for Google Auth!
When using Google authenticator you can enter a KEY or use QR Code. Just create a new Google auth account and use THAT KEY.
DONE! No need to restart anything.
Enjoy! C0l. P.
其他提示
Fond this here: http://sourceforge.net/p/webadmin/discussion/600155/thread/512d81e9/
Go into this file /etc/webmin/miniserv.conf, delete this line: twofactor_provider=totp
And, in /etc/webmin/miniserv.users, there is this line. root:x:0:::::::0:0:totp:HBL7W4RTG8T6FG8W:
I just deleted the totp so the line read: root:x:0:::::::0:0::HBL7W4RTG8T6FG8W:
Saved the file and restarted webmin: service webmin restart.
I could then log back in with un/pw and generated my QR code.
Run the following to remove two factor authentication:
https://stackoverflow.com/questions/22676508
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russiansed -i 's/totp//g' /etc/webmin/miniserv.users
sed -i '/twofactor_provider=totp/d' /etc/webmin/miniserv.conf
/etc/init.d/webmin restart
I realise this is a little late but I thought I'd post it nonetheless for anyone who is interested.
The entry in /etc/webmin/miniserv.users should be a TOTP secret in Base32 format.
So to log in simply run :
oathtool --totp -b 'SECRET' -v
Where SECRET is the code between the quotes and it will spit out your Two-factor token enabling you to log in.
The -b says your giving it the SECRET in Base32 (Hex is the default).
Then goto "Webmin->webmin Users" to disable TFA and re-enable it in the normal way.
Or if you want, you can use "qrencode" to re-create your google-authenticator setup without having to change the secret (handy if a group are sharing the same SECRET ...bad idea!! but this will save your bacon if one of you gets locked out).
$ qrencode -o ~/.totp-key.png "otpauth://totp/?secret=BASE 32 SECRET&issuer=Your name, etc."
NB. "oathtool" using the -v option allows you to see the SECRET in both Base32 and HEX so you can use either as necessary to setup any TFA app. Also ensure that the machine you use has it's time sync'd correctly!
QED.
I disabled 2FA, then I was unable to login, not only from webmin from ssh with password as well.
I applied @Todd 's advice, after restarting webmin I was totally unable to see the main login page.
Luckily I had some other session already open. I used the command below to change the password for root user, restarted webmin, all was ok.
/usr/share/webmin/changepass.pl /etc/webmin root myNewPassword
Note: Apply at your own risk. I had backups, so I did not need to worry. My server OS is Ubuntu 14.04
