Disabling two-step authentication when access to the time codes is lost

Disabling two-step authentication when access to the time codes is lost


You may need to disable two-step authentication (hereinafter - 2FA) if for some reason it is not possible to enter a temporary code from the application. 


Disabling 2FA without a time code will be different for the "root" user and a normal user, but in both cases, you will need to log in as root in the server console.

If you do not have access to the ispmanager panel as the "root" user, please contact your server administrator or your hosting provider and provide them with these instructions.

For the root user

To disable 2FA for the "root" user, connect to the server via SSH under the "root" user and enter the following command:

/usr/local/mgr5/sbin/mgrctl -m ispmgr usrparam elid=root disable_totp=on sok=ok

For normal users

To disable 2FA for other users, you must delete an entry in the panel database.

Connect to the server via SSH as root and connect to the panel database:

For SQLite

sqlite3 /usr/local/mgr5/etc/ispmgr.db


mysql ispmgr


Then run a query to delete the user data from the table "totp":

DELETE from totp where user=<user-name>;

where <username-user> is the username to login into the system.


For example, a request to delete the data of user "www-root" would look like this:

DELETE from totp where user=www-root;


It may be necessary to check the presence of user data in the "totp" table. This can be done using the following command:

select user,id from totp;


Be careful, deleting records from the database is irreversible.

Ensure that the user name or id and the table name are spelled correctly before deletion.

Alternative authorization method

Alternatively, you can authorize in the panel by generating a temporary key.

In this case, 2FA is disabled in the settings for the particular user through the panel’s web interface.