Most people who have purchased Juniper devices off eBay have had this happen to them: as soon as they get the device and plug it in, they find that the root password is set and the seller does not know what it is. This lab will discuss and demonstrate how to reset the root password for J Series, SRX and EX Series devices.
Have you ever had this happen to you? You get a used Juniper device and plug it in, only to find that the root password was not reset prior to your purchase. This can of course freak out people who have never worked on Juniper, but it is actually an easy fix. As long as you have console access to the device, the root password can be reset very easily.
The root password, however, CANNOT be recovered, only reset. So if you forgot the previous password, or you’re trying to figure out what the previous password was, then you’re truly wasting your time, as the password is stored in a salted MD5 hash format. The following configuration example is what you would expect to see from a pre-existing root password:
root> show config
## Last commit: 2013-12-05 20:11:04 UTC by root
version 12.1R8.4;
system {
    root-authentication {
        encrypted-password "$1$JXMhLwpN$cZ0.A33BhDtO0wFpmRKU.."; ## SECRET-DATA
    }
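To make the hash format concrete, the following added example (not part of the original lab) walks a curly-brace Junos configuration and reports, for each encrypted-password statement, where it sits in the hierarchy and which crypt scheme its leading $id$ field names. The sample configuration is constructed from the excerpt above; the labadmin user and its placeholder value are hypothetical.

```python
import re

# Crypt scheme identifiers: the field between the first two '$' characters.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}

# Constructed sample: the excerpt above plus a hypothetical user "labadmin".
SAMPLE_CONFIG = """
version 12.1R8.4;
system {
    root-authentication {
        encrypted-password "$1$JXMhLwpN$cZ0.A33BhDtO0wFpmRKU.."; ## SECRET-DATA
    }
    login {
        user labadmin {
            authentication {
                encrypted-password "$6$Xy12AbCd$<placeholder>"; ## SECRET-DATA
            }
        }
    }
}
"""

def describe(location, value):
    """Split "$id$salt$digest"; sha-crypt strings may carry a rounds=N field."""
    fields = value.split("$")[1:]          # drop the empty field before the first '$'
    if len(fields) >= 2 and fields[1].startswith("rounds="):
        del fields[1]                      # the rounds parameter is not the salt
    if not value.startswith("$") or len(fields) < 3:
        return {"location": location, "scheme": "unrecognised", "salt": None}
    scheme = SCHEMES.get(fields[0], "unknown id " + fields[0])
    return {"location": location, "scheme": scheme, "salt": fields[1]}

def find_password_hashes(config_text):
    """Track the brace hierarchy and record every encrypted-password statement."""
    path, found = [], []
    for line in (raw.strip() for raw in config_text.splitlines()):
        match = re.match(r'encrypted-password\s+"([^"]*)"', line)
        if match:
            found.append(describe(" ".join(path), match.group(1)))
        elif line.endswith("{"):
            path.append(line[:-1].strip())
        elif line.startswith("}") and path:
            path.pop()
    return found

def md5_crypt_locations(config_text):
    """Hierarchy paths whose password is still stored as salted MD5 ($1$)."""
    return [h["location"] for h in find_password_hashes(config_text)
            if h["scheme"] == "md5-crypt"]
```

Because the walk follows braces rather than indentation, it also works on a flattened excerpt like the one above, where the final closing brace is missing.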
There may be other reasons why you need to reset the root password on a Juniper device: perhaps you simply forgot it, or the engineer who knew the password left the company and did not pass on the operational knowledge. This of course is extremely disrespectful; however, it does happen a lot more than you’d think.
When it comes to actually resetting the password, the process is very simple. You must first have console access to the device that you’re attempting to reset the root password on. You can only reset the root password on the console. You must also have the ability to power cycle the device. So if you have a terminal server that has console access but no way to power cycle the device, then you’re out of luck. You cannot reboot a Juniper device that is already booted without logging into the device using the root account or a super-user account.
Once you have established a console session to the device and power cycled it, you will notice that during the boot process the bootloader displays the following:
Hit [Enter] to boot immediately, or space bar for command prompt.
This is where you would press the space bar. This prompt can pass very quickly, so you may not catch it on the first attempt, but once you have successfully interrupted the bootloader and reached the “ok” command prompt, you’ll need to execute the following command:
ok boot -s
The device will continue to boot and will pause partway through the boot process, prompting you with the following line, where you must type recovery and press Enter:
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
Once the device has completed booting you’ll be automatically placed into CLI mode, and you’ll need to enter configuration mode in the CLI to set the new password. This is done by typing config at the CLI prompt, like so:
root@vSRX_R1> config
Once in Junos configuration mode, you’ll execute the set system root-authentication plain-text-password command, where you will be prompted to enter a password and re-enter the same password for confirmation, as shown below:
root@vSRX_R1# set system root-authentication plain-text-password
New password: juniper1
Retype new password:

[edit]
root@vSRX_R1#
Once the password is successfully confirmed, you will need to save the configuration using the commit command, exit configuration mode, and reboot the device using the request system reboot command, as demonstrated below:
root@vSRX_R1# commit
commit complete

[edit]
root@vSRX_R1# exit
Exiting configuration mode

root@vSRX_R1> request system reboot
Reboot the system ? [yes,no] (no) yes
Once the device has rebooted you may then log into the Juniper device using the root username and the password previously set in the recovery process.
The main things to remember are breaking the boot process using the space bar and booting the device using boot -s. From there the Juniper device will boot and tell you how to start the recovery process, and once completely booted it will display a list of the commands needed to reset the root password. This is shown in the example given below:
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
.
.
NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the 'configure' command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE: configure
NOTE: set system root-authentication plain-text-password
NOTE: (enter the new password when asked)
NOTE: commit
NOTE: exit
NOTE: exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system
Starting CLI ...
root@vSRX_R1>
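From the defender's side, the same console strings make this procedure easy to spot in logs kept by a console or terminal server. The following is an added example, not part of the original lab; it assumes console output is captured as text, and both sample captures are constructed from the transcript on this page.

```python
import re

# Ordered console markers of the procedure, taken from the output shown on this page.
STAGES = [
    ("loader_boot_s",    re.compile(r"\bok\s+boot\s+-s\b", re.IGNORECASE)),
    ("single_user_boot", re.compile(r"Booting single-user")),
    ("recovery_chosen",  re.compile(r"RETURN for /bin/sh:\s*recovery\b")),
    ("recovery_script",  re.compile(r"Running recovery script")),
    # Require the '#' prompt so the NOTE banner's copy of the command is ignored.
    ("root_auth_set",    re.compile(r"#\s*set system root-authentication plain-text-password")),
    ("commit",           re.compile(r"commit complete")),
]

# Constructed console-server captures (abbreviated from the transcript on this page).
RECOVERY_CAPTURE = """Hit [Enter] to boot immediately, or space bar for command prompt.
OK boot -s
Booting single-user
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
Loading configuration ...
mgd: commit complete
Running recovery script ...
NOTE: set system root-authentication plain-text-password
root@vSRX_R1# set system root-authentication plain-text-password
root@vSRX_R1# commit
commit complete
"""
NORMAL_CAPTURE = """Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel] in 1 second...
Loading configuration ...
mgd: commit complete
vSRX_R1 (ttyd0)
login:
"""

def recovery_stages(capture):
    """Stages seen in procedure order; each search resumes after the previous hit."""
    seen, pos = [], 0
    for name, pattern in STAGES:
        match = pattern.search(capture, pos)
        if match:
            seen.append(name)
            pos = match.end()
    return seen

def classify(capture):
    """Turn the observed stages into a one-line verdict for an alert or report."""
    seen = set(recovery_stages(capture))
    if {"recovery_chosen", "root_auth_set", "commit"} <= seen:
        return "root password reset through console recovery"
    if seen & {"loader_boot_s", "single_user_boot", "recovery_chosen"}:
        return "single-user or recovery boot, no reset committed"
    return "no recovery activity"
```

Searching in order matters here: every boot prints "mgd: commit complete" while loading the configuration, so only a commit that follows the root-authentication command counts.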
Prior to attempting this lab you must have a Juniper device that you need to reset the password on. This device can be a J Series Router, EX Series Switch or SRX platform. This device can also be a vSRX Firefly.
You need to establish a console session with the device in question and must be able to power cycle the device. For hardware-based devices this can be as easy as unplugging the device and plugging it back in. As for Juniper Firefly vSRX, you can manually reset the power to the device through the virtualization hypervisor, such as VMWare Workstation or VirtualBox.
It is recommended that you attempt to complete these lab objectives the first time without looking at the Lab Instruction section.
If you are a student preparing for the Juniper JNCIA Certification Exam, then you are more likely to remember how to complete these objectives if you attempt to complete them the first time on your own with the use of the core knowledge section found in this lab. You should only resort to the Lab Instruction section to verify your work.
Please note that the password recovery procedure performed in this lab instruction is being demonstrated on the Juniper Firefly vSRX Platform running on VMWare Workstation 10.0.
Consoles: serial port
BIOS drive A: is disk0
BIOS drive C: is disk1
BIOS 638kB/2095040kB available memory

FreeBSD/i386 bootstrap loader, Revision 1.2
(slt-builder@slt-junos19.juniper.net, Fri Nov 8 19:21:39 PST 2013)
Loading /boot/defaults/loader.conf
/kernel text=0x8e17d8 data=0x4f550+0x101bec syms=[0x4+0x99f40+0x4+0xdbaa1]
/boot/modules/if_em.ko text=0x150e4 data=0x79c+0x14
/boot/modules/libmbpool.ko text=0xd9c data=0x100
/boot/modules/if_em_vjx.ko text=0xb94c data=0x600+0x204 /
/boot/modules/virtio.ko text=0x21f8 data=0x1f8 syms=[0x4+0x7e0+0x4+0x972]
/boot/modules/virtio_pci.ko text=0x2e98 data=0x208+0x8 syms=[0x4+0x8f0+0x4+0xb22]
/boot/modules/virtio_blk.ko text=0x2a08 data=0x1f0+0xc syms=[0x4+0x960+0x4+0xa0f]
/boot/modules/if_vtnet.ko text=0x5ff4 data=0x380+0x10 syms=[0x4+0xde0+0x4+0xf0f]
/boot/modules/if_vtnet_vsrx.ko text=0x1d34 data=0x480+0x304 syms=[0x4+0x7b0+0x4+0xa41]

Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel] in 1 second...

Type '?' for a list of commands, 'help' for more detailed help.
OK boot -s
platform_early_bootinit: Early Boot Initialization
GDB: debug ports: sio
GDB: current port: sio
KDB: debugger backends: ddb gdb
KDB: current backend: ddb
Copyright (c) 1996-2013, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
>>BOOT PROCESS TRUNCATED <<
Trying to mount root from ufs:/dev/ad0s1a
Attaching /cf/packages/junos via /dev/mdctl...
Mounted junos package on /dev/md0...
Booting single-user
** /dev/ad0s1a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 705697 free (25 frags, 176418 blocks, 0.0% fragmentation)
** /dev/bo0s1e
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 102776 free (0 frags, 25694 blocks, 0.0% fragmentation)
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
Performing system setup ...
Loading configuration ...
mgd: commit complete
Setting initial options: .
Starting optional daemons: .
Doing initial network setup:.
>>BOOT PROCESS TRUNCATED <<
Sun Dec 15 16:28:09 UTC 2013
Running recovery script ...
machdep.bootsuccess: 0 -> 0
Performing initialization of management services ...
Performing checkout of management services ...

NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the 'configure' command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE: configure
NOTE: set system root-authentication plain-text-password
NOTE: (enter the new password when asked)
NOTE: commit
NOTE: exit
NOTE: exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system

Starting CLI ...
root@vSRX_R1> configure
Entering configuration mode

[edit]
root@vSRX_R1# set system root-authentication plain-text-password
New password: juniper1 <-- NOTICE: The password will not show when typing
Retype new password: juniper1 <-- NOTICE: The password will not show when typing

[edit]
root@vSRX_R1# commit
commit complete

[edit]
root@vSRX_R1# exit
Exiting configuration mode

root@vSRX_R1> request system reboot
Reboot the system ? [yes,no] (no) yes

>>BOOT PROCESS TRUNCATED <<
.
Sun Dec 15 17:20:51 UTC 2013

vSRX_R1 (ttyd0)

login: root
Password: juniper1 <-- NOTICE: The password will not show when typing

--- JUNOS 12.1I20131108_srx_12q1_x46_intgr.0-613414 built 2013-11-09 05:08:59 UTC
root@vSRX_R1%