Resetting and Setting the ROOT Password

Core Knowledge

Have you ever had this happen to you? You get a used Juniper device and plug it in only to find that the root password was not reset prior to your purchase. This of course can freak some people out who have never worked on Juniper but this is actually an easy fix. As long as you have console access to the device then the root password can be reset very easily.

The root password however CANNOT be recovered, but only reset. So if you forgot the previous password or you’re trying to figure out what the previous password was than you’re truly wasting your time as the password is stored in a salted MD5 Hash format. The following configuration example is what you would expect to see from a pre-existing set root password;

root> show config
## Last commit: 2013-12-05 20:11:04 UTC by root
version 12.1R8.4;
system {
    root-authentication {
        encrypted-password "$1$JXMhLwpN$cZ0.A33BhDtO0wFpmRKU.."; ## SECRET-DATA
    }

There may be other reasons why you need to reset the root password on a Juniper device such as you just simply forgot or perhaps the engineer that knew the password left the company and did not pass on the operational knowledge. This of course is extremely disrespectful however it does happen a lot more than you’d think.

The Password Reset Procedure

When it comes to actually resetting the password, the process is very simple. You must first have console access to the device that you’re attempting to reset the root password on. You can only reset the root password on the console. You must also have the ability to power cycle the device. So if you have a terminal server that has console access but no way to power cycle the device than you’re down on your luck. You cannot reboot a Juniper device that is already booted without logging into the device using the root account or a super-user account.

Once you have established a console session into a device and power cycled the device you will notice the during the boot process the bootloader will say the following;

Hit [Enter] to boot immediately, or space bar for command prompt.

This is where you would press space bar. This prompt can occur very quickly so you may not get it in the first attempt but once you are able to successfully break the bootloader and get into the “ok” command prompt you’ll then need to execute the following command;

ok boot -s

The device will continue to boot and once booted and it will pause during the middle of the boot process prompting you with the following screen where you must type in recovery and press enter;

Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

Once the device has completed booting you’ll be automatically placed into CLI mode and you’ll need to navigate to configuration mode in the CLI to set the new password. This is done by typing config at the CLI prompt like so;

root@vSRX_R1> config

Once in Junos Config mode you’ll then execute the set system root-authentication plain-text-password command where you will be prompted to enter a password and re-enter the same password for confirmation as shown below;

root@vSRX_R1# set system root-authentication plain-text-password
New password: juniper1
Retype new password:

[edit]
root@vSRX_R1#

Once successfully confirmed, you will then need to save the configuration using the commit command and exit configuration mode and reboot the device using the request system reboot command as demonstrated below;

root@vSRX_R1# commit
commit complete

[edit]
root@vSRX_R1# exit
Exiting configuration mode

root@vSRX_R1> request system reboot
Reboot the system ? [yes,no] (no) yes

Once the device has rebooted you may then log into the Juniper device using the root username and the password previously set in the recovery process.

The main thing to remember is breaking the boot process using the spacebar and booting the device using boot -s from there the Juniper device will boot and tell you how to start the recovery process and once completely booted it display a list of commands needed to reset the root password. This is shown in the example given below;

Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
.
.
NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the 'configure' command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE:    configure
NOTE:    set system root-authentication plain-text-password
NOTE:    (enter the new password when asked)
NOTE:    commit
NOTE:    exit
NOTE:    exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system

Starting CLI ...
root@vSRX_R1>

Lab Prerequisites

Prior to attempting this lab you must have a Juniper device that you need to reset the password on. This device can be a J Series Router, EX Series Switch or SRX platform. This device can also be a vSRX Firefly.

You need to establish a console session with the device in question and must be able to power cycle the device. For hardware based devices this can be as easy as un-plugging and plugging the device back in. As for Juniper Firefly vSRX, you can manually reset the power to the device through the virtualization hypervisor such as VMWare Workstation or VirtualBox.

Lab Objectives

Before you Continue

It is recommended that you attempt to complete these lab objectives the first time without looking at the Lab Instruction section.

If you are a student preparing for the Juniper JNCIA Certification Exam than you are more likely to remember how to complete these objectives if you attempt to complete them the first time on your own with the use of the core knowledge section found in this lab. You should only resort to the Lab Instruction section to verify your work.

Lab Instruction

Please note that the password recovery procedure performed in this lab instruction is being demonstrated on the Juniper Firefly vSRX Platform running on VMWare Workstation 10.0

• Perform the ROOT password reset procedure on the Juniper device that you’ve consoled into.

Consoles: serial port
BIOS drive A: is disk0
BIOS drive C: is disk1
BIOS 638kB/2095040kB available memory

FreeBSD/i386 bootstrap loader, Revision 1.2
(slt-builder@slt-junos19.juniper.net, Fri Nov  8 19:21:39 PST 2013)
Loading /boot/defaults/loader.conf
/kernel text=0x8e17d8 data=0x4f550+0x101bec syms=[0x4+0x99f40+0x4+0xdbaa1]
/boot/modules/if_em.ko text=0x150e4 data=0x79c+0x14
/boot/modules/libmbpool.ko text=0xd9c data=0x100
/boot/modules/if_em_vjx.ko text=0xb94c data=0x600+0x204 /
/boot/modules/virtio.ko text=0x21f8 data=0x1f8 syms=[0x4+0x7e0+0x4+0x972]
/boot/modules/virtio_pci.ko text=0x2e98 data=0x208+0x8 syms=[0x4+0x8f0+0x4+0xb22]
/boot/modules/virtio_blk.ko text=0x2a08 data=0x1f0+0xc syms=[0x4+0x960+0x4+0xa0f]
/boot/modules/if_vtnet.ko text=0x5ff4 data=0x380+0x10 syms=[0x4+0xde0+0x4+0xf0f]
/boot/modules/if_vtnet_vsrx.ko text=0x1d34 data=0x480+0x304 syms=[0x4+0x7b0+0x4+0xa41]


Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel] in 1 second...

Type '?' for a list of commands, 'help' for more detailed help.
OK boot -s
platform_early_bootinit: Early Boot Initialization
GDB: debug ports: sio
GDB: current port: sio
KDB: debugger backends: ddb gdb
KDB: current backend: ddb
Copyright (c) 1996-2013, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
JUNOS 12.1I20131108_srx_12q1_x46_intgr.0-613414 #0: 2013-11-09 05:08:59 UTC
    slt-builder@slt-junos19.juniper.net:/volume/build/junos/DEV_SRX_12Q1_X46_INTGR_BRANCH/20131108.0/obj-i386/junos/bsd/kernels/VSRX/kernel
acpi_alloc_wakeup_handler: can't alloc wake memory
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz (3599.91-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x206d7  Stepping = 7
  Features=0xfabfbff
  Features2=0x82982203,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,,>
  AMD Features=0x28100000
  AMD Features2=0x1
real memory  = 2147483648 (2048 MB)
avail memory = 1016868864 (969 MB)
ACPI APIC Table: 
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
 cpu0 (BSP): APIC ID:  0
 cpu1 (AP): APIC ID:  1
MADT: Forcing active-low polarity and level trigger for SCI
ioapic0  irqs 0-23 on motherboard
netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
Initializing VSRX platform properties ..
acpi0:  on motherboard
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pci0:  on pcib0
pcib1:  at device 1.0 on pci0
pci1:  on pcib1
isab0:  at device 7.0 on pci0
isa0:  on isab0
atapci0:  port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x1060-0x106f at device 7.1 on pci0
ata0:  on atapci0
ata1:  on atapci0
smb0:  port 0x1040-0x104f at device 7.3 on pci0
smb0: controller initialization failed
pci cmd reg = 0x0001, SMB host conf = 0x00
pci0:  at device 7.7 (no driver attached)
pci0:  at device 15.0 (no driver attached)
pcib2:  at device 17.0 on pci0
pci2:  on pcib2
em0:  port 0x2000-0x203f mem 0xef540000-0xef55ffff,0xefff0000-0xefffffff irq 18 at device 0.0 on pci2
em1:  port 0x2040-0x207f mem 0xef520000-0xef53ffff,0xeffe0000-0xeffeffff irq 19 at device 1.0 on pci2
em2:  port 0x2080-0x20bf mem 0xef500000-0xef51ffff,0xeffd0000-0xeffdffff irq 17 at device 3.0 on pci2
em3:  port 0x20c0-0x20ff mem 0xef4e0000-0xef4fffff,0xeffc0000-0xeffcffff irq 18 at device 4.0 on pci2
em4:  port 0x2400-0x2407 mem 0xef4c0000-0xef4dffff,0xeffb0000-0xeffbffff irq 19 at device 5.0 on pci2
em5:  port 0x2408-0x240f mem 0xef4a0000-0xef4bffff,0xeffa0000-0xeffaffff irq 16 at device 6.0 on pci2
em6:  port 0x2410-0x2417 mem 0xef480000-0xef49ffff,0xeff90000-0xeff9ffff irq 17 at device 7.0 on pci2
em7:  port 0x2418-0x241f mem 0xef460000-0xef47ffff,0xeff80000-0xeff8ffff irq 18 at device 8.0 on pci2
em8:  port 0x2420-0x2427 mem 0xef440000-0xef45ffff,0xeff70000-0xeff7ffff irq 19 at device 9.0 on pci2
em9:  port 0x2428-0x242f mem 0xef420000-0xef43ffff,0xeff60000-0xeff6ffff irq 16 at device 10.0 on pci2
pcib3:  at device 21.0 on pci0
pci3:  on pcib3
pcib4:  at device 21.1 on pci0
pci4:  on pcib4
pcib5:  at device 21.2 on pci0
pci5:  on pcib5
pcib6:  at device 21.3 on pci0
pci6:  on pcib6
pcib7:  at device 21.4 on pci0
pci7:  on pcib7
pcib8:  at device 21.5 on pci0
pci8:  on pcib8
pcib9:  at device 21.6 on pci0
pci9:  on pcib9
pcib10:  at device 21.7 on pci0
pci10:  on pcib10
pcib11:  at device 22.0 on pci0
pci11:  on pcib11
pcib12:  at device 22.1 on pci0
pci12:  on pcib12
pcib13:  at device 22.2 on pci0
pci13:  on pcib13
pcib14:  at device 22.3 on pci0
pci14:  on pcib14
pcib15:  at device 22.4 on pci0
pci15:  on pcib15
pcib16:  at device 22.5 on pci0
pci16:  on pcib16
pcib17:  at device 22.6 on pci0
pci17:  on pcib17
pcib18:  at device 22.7 on pci0
pci18:  on pcib18
pcib19:  at device 23.0 on pci0
pci19:  on pcib19
pcib20:  at device 23.1 on pci0
pci20:  on pcib20
pcib21:  at device 23.2 on pci0
pci21:  on pcib21
pcib22:  at device 23.3 on pci0
pci22:  on pcib22
pcib23:  at device 23.4 on pci0
pci23:  on pcib23
pcib24:  at device 23.5 on pci0
pci24:  on pcib24
pcib25:  at device 23.6 on pci0
pci25:  on pcib25
pcib26:  at device 23.7 on pci0
pci26:  on pcib26
pcib27:  at device 24.0 on pci0
pci27:  on pcib27
pcib28:  at device 24.1 on pci0
pci28:  on pcib28
pcib29:  at device 24.2 on pci0
pci29:  on pcib29
pcib30:  at device 24.3 on pci0
pci30:  on pcib30
pcib31:  at device 24.4 on pci0
pci31:  on pcib31
pcib32:  at device 24.5 on pci0
pci32:  on pcib32
pcib33:  at device 24.6 on pci0
pci33:  on pcib33
pcib34:  at device 24.7 on pci0
pci34:  on pcib34
acpi_acad0:  on acpi0
cpu0:  on acpi0
acpi_throttle0:  on cpu0
cpu1:  on acpi0
acpi_throttle1:  on cpu1
acpi_throttle1: failed to attach P_CNT
device_attach: acpi_throttle1 attach returned 6
atkbdc0:  port 0x60,0x64 irq 1 on acpi0
atkbd0:  irq 1 on atkbdc0
kbd0 at atkbd0
psm0:  irq 12 on atkbdc0
psm0: model IntelliMouse, device ID 3
sio0: <16550A-compatible COM port> port 0x3f8-0x3ff irq 4 flags 0x90 on acpi0
sio0: type 16550A, console
sio1: <16550A-compatible COM port> port 0x2f8-0x2ff irq 3 on acpi0
sio1: type 16550A
orm0:  at iomem 0xc0000-0xc7fff,0xc8000-0xc8fff,0xc9000-0xc9fff,0xca000-0xcafff,0xcb000-0xcbfff,0xcc000-0xccfff,0xcd000-0xcdfff,0xce000-0xcefff,0xcf000-0xcffff,0xd0000-0xd0fff,0xd1000-0xd1fff,0xdc000-0xdffff,0xe0000-0xe7fff on isa0
vga0:  at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0:  at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio3: configured irq 7 not in bitmap of probed irqs 0
sio3: port may not be enabled
Initializing product: 131 ..
###PCB Group initialized for udppcbgroup
###PCB Group initialized for tcppcbgroup
ad0: 2048MB  at ata0-master UDMA33
SMP: AP CPU #1 Launched!
Trying to mount root from ufs:/dev/ad0s1a
Attaching /cf/packages/junos via /dev/mdctl...
Mounted junos package on /dev/md0...
Booting single-user
** /dev/ad0s1a
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 705697 free (25 frags, 176418 blocks, 0.0% fragmentation)
** /dev/bo0s1e
FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 102776 free (0 frags, 25694 blocks, 0.0% fragmentation)
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

Performing system setup ...
Loading configuration ...
mgd: commit complete
Setting initial options: .
Starting optional daemons: .
Doing initial network setup:.
Initial interface configuration:
CHASSISD_FILE_OPEN: File open: /dev/smb, error: 2 -- No such file or directory
CHASSISD_FILE_OPEN: File open: /dev/smb, error: 2 -- No such file or directory
CHASSISD_IOCTL_FAILURE: i2c_jid_ctrl_read_err: IIC_IOCTL_SUPPRESS_ERROR for i2c jid read (Inappropriate ioctl for device)
CHASSISD_FILE_OPEN: File open: /dev/smb, error: 2 -- No such file or directory
CHASSISD_FILE_OPEN: File open: /dev/smb, error: 2 -- No such file or directory
additional daemons: eventd.
Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /boot/modules;/modules/peertype;/modules/ifpfe_drv;/modules/ifpfe_media;/modules/platform;/modules;
kld netpfe media: ifpfem_bri ifpfem_ds0 ifpfem_ds1e1 ifpfem_ds3e3kld netpfe drv: ifpfed_atm ifpfed_controller ifpfed_dialer ifpfed_ds0 ifpfed_ds1e1 ifpfed_ds3e3 ifpfed_eia530 ifpfed_eth ifpfed_irb ifpfed_isdn ifpfed_ism ifpfed_lt ifpfed_ml_cmn ifpfed_ml_ha ifpfed_modemKLD ifpfed_modem.ko: depends on ucom - not available
kldload: can't load /modules/ifpfe_drv/ifpfed_modem.ko: No such file or directory
 ifpfed_ppeer ifpfed_pppoe ifpfed_st ifpfed_svcs ifpfed_vp ifpfed_vtkld platform: fileassoc if_em if_em_vjx if_vtnet if_vtnet_vsrx ifpfem_xdsl ixp j_ifpfe virtio virtio_blk virtio_pcikld peertype: peertype_fwdd peertype_pfpc peertype_slavere ipsec kld resrsv.
Doing additional network setup:.
Starting final network daemons:.
setting ldconfig path: /usr/lib /opt/lib
ldconfig: /opt/lib: ignoring directory not owned by root
starting standard daemons: cron.
Initial rc.i386 initialization:.

 Lock Manager
RDM Embedded 7 [04-Aug-2006] http://www.birdstep.com
Copyright (c) 1992-2006 Birdstep Technology, Inc.  All Rights Reserved.

Unix Domain sockets Lock manager
Lock manager 'lockmgr' started successfully.
Error: Profile database dictionary file missing.
Profile database initialized
Local package initialization:.
starting local daemons:set cores for group access
.
Sun Dec 15 16:28:09 UTC 2013
Running recovery script ...
machdep.bootsuccess: 0 -> 0

Performing initialization of management services ...

Performing checkout of management services ...

NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the 'configure' command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE:    configure
NOTE:    set system root-authentication plain-text-password
NOTE:    (enter the new password when asked)
NOTE:    commit
NOTE:    exit
NOTE:    exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system

Starting CLI ...
root@vSRX_R1> configure
Entering configuration mode

[edit]
root@vSRX_R1# set system root-authentication plain-text-password
New password: juniper1          <-- NOTICE: The password will not show when typing
Retype new password: juniper1   <-- NOTICE: The password will not show when typing

[edit]
root@vSRX_R1# commit
commit complete

[edit]
root@vSRX_R1# exit
Exiting configuration mode

root@vSRX_R1> request system reboot
Reboot the system ? [yes,no] (no) yes

• After you have reset the ROOT password, verify your procedure by rebooting and logging into the device using the root credentials.

>>BOOT PROCESS TRUNCATED <<
.
Sun Dec 15 17:20:51 UTC 2013

vSRX_R1 (ttyd0)

login: root
Password: juniper1   <-- NOTICE: The password will not show when typing

--- JUNOS 12.1I20131108_srx_12q1_x46_intgr.0-613414 built 2013-11-09 05:08:59 UTC

root@vSRX_R1%