Hello. We can log in to the application with TOTP authentication. However, when the TOTP application is deleted from the phone, we do not see the QR code to receive the code again. When TOTP is reinstalled on the phone, it wants to read the QR code. But once the system logs in, it always asks for a verification code without sending the QR code.
Afaik, thereâs no way to retrieve the QR-code, respectively the TOTP-key, once you finished setting up TOTP. However, there are multiple ways to prevent yourself from being locked outâŠ
-
Generate and download the backup codes after you have set-up TOTP and store them at a secure location, i.e. in a password manager like KeePass. These codes can be used to log in without using the phone app.
Once you logged-in by using a backup code you can generate a new TOTP-key / QR-code, and set-up the phone app again.
-
When setting up TOTP in Nextcloud, copy the TOTP-key and / or screenshot the QR-code and save them at a secure location. By doing so you could use the same key again, in case you have to re-install the phone app.
-
Use a phone app that supports backing up the TOTP-keys. I use Aegis Authenticator.
1 Like
Just in case this was not just a general question, but you or another user are currently in this situation, and you need to disable TOTP for that user. You can do so by using the following occ commad:
occ twofactorauth:disable <username> totp
After that the user should be able to log-in without TOTP, and can then generate a new TOTP-key.
1 Like
Ah and I forgot, there is also the twofactor_admin app which allows admins to generate a one-time code for users to log into a 2FA protected account.
This command is not working.âCommand âoccâ not found, but there are 21 similar ones.â Iâm getting an error like.
App âTwo-Factor WebAuthnâ cannot be installed because the following dependencies are not fulfilled: The library gmp is not available.
One of my users is locked out and cannot log in. How can I, as an admin, help him? These solutions did not work.
You have to run the command inside your Nextcloud directory as the http / webserver user.
Example command for Debian/Ubuntu based systems:
sudo -u www-data php /path/to/nextcloud/occ twofactorauth:disable <username> totp
Replace /path/to/nextcloud with the actual path to your nextcloud folder.
Looks like the corresponding PHP module is not installed, so you need to install it. The exact name of the package depends on the Linux distribution and the PHP version you are using.
Example command for Debian/Ubuntu based systems:
sudo apt install php-gmp
âŠor if you are using a specfic PHP version from a third party repo:
sudo apt install php8.2-gmp
Replace 8.2 with your actual version.
I am encountering these results. This application cannot be made passive.
root@cloudserver:/home/bayuserftp# sudo -u www-data php /var/www/html/nextcloud/occ twofactorauth:disable isilaycicek totp
Invalid UID
root@cloudserver:/home/bayuserftp# sudo -u www-data php /var/www/html/nextcloud/occ twofactorauth:disable totp
bash: isilaycicek: No such file or directory
root@cloudserver:/home/bayuserftp#
On what OS / distribution are you running Nextcloud, and how did you install it?
Welcome to Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-86-generic x86_64)
- Documentation: https://help.ubuntu.com
- Management: https://landscape.canonical.com
- Support: Ubuntu Pro | Ubuntu
System information as of Wed Oct 25 13:47:03 +03 2023
System load: 0.1162109375 Processes: 340
Usage of /: 10.0% of 195.80GB Users logged in: 0
Memory usage: 4%
Swap usage: 0%
-
Strictly confined Kubernetes makes edge and IoT secure. Learn how MicroK8s
just raised the bar for easy, resilient and secure K8s cluster deployment.
Expanded Security Maintenance for Applications is not enabled.
13 updates can be applied immediately.
3 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
Enable ESM Apps to receive additional future security updates.
See Ubuntu Expanded Security Maintenance | Security | Ubuntu or run: sudo pro status
And how did you install Nextcloud? Manually, Snap package, Docker, other container format�
Ultimately, you need to find a way to run the occ script which is located in the Nextcloud installation directory. The exact command depends on the installation method and where the Nextcloud directory is located.
I donât know how it was installed, my friend installed it, but I show the nextcloud directory below.
root@cloudserver:/var/www/html# ls -l
total 16
-rw-râr-- 1 root root 10918 Oct 27 2021 index.html
drwxr-xr-x 15 www-data www-data 4096 Oct 20 11:47 nextcloud
We installed it manually.
Not sure why the occ command isnât working then. As I said, the occ script should be in the Nextcloud installation folder. Did you check if the path you sed in your command correct and the occ file is actually there?