Tags

, ,


I can imagine that is how I looked when I got my “new” Juniper SRX from (insert favorite auction site) and booted it the first time.  All ready to play with my new toy – lab some new ideas – and boom, it has a password on it already.  Grrrr….
Since I had to recover the root password, figured I would post the procedure here in case others are looking for it.  Not only in case others are looking for it, the next time that I need it as well! 🙂
So the first thing we need to do here is to make sure the device is powered off and we have a console cable connected to it.  I will assume you know how to use your terminal program and access the console already for this post otherwise I suspect you would not be here.
Now that you are connected we can go ahead and power the SRX on and watch it boot.   In order to boot the system into single user mode, we need to press the space bar when prompted. It will be right at this point in the boot process – right when you see Hit [Enter} to boot immediately, or space bar for command prompt.  Here you need to press the SPACE BAR quick to interrupt the boot process.

FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.5
(slt-builder@slt-junos15.juniper.net, Tue Apr 2 12:36:46 PDT 2013)
Memory: 2048MB
[0]Booting from nand-flash slice 1
Un-Protected 1 sectors
writing to flash…
Protected 1 sectors
Loading /boot/defaults/loader.conf
/kernel data=0xb99284+0x13c8b4 syms=[0x4+0x91b00+0x4+0xd5dfb]

Hit [Enter] to boot immediately, or space bar for command prompt

From here you will be presented with a loader>  prompt.  Go ahead and enter boot -s to boot the system in single user mode. This will allow you to boot the system and change the password.

Hit [Enter] to boot immediately, or space bar for command prompt.

Type ‘?’ for a list of commands, ‘help’ for more detailed help.
loader> boot -s

From here the system will continue to boot for a bit.  Eventually, you will be presented with an option to enter the recovery mode by entering recovery.  Take notice that this also disables the system watchdog timer (this process monitors the services and will take appropriate actions if a service has failed or stops.)

System watchdog timer disabled
Enter full pathname of shell or ‘recovery’ for root password recovery or RETURN for /bin/sh: recovery

The system will now continue to boot, eventually getting coming up to a root> prompt

FILE SYSTEM CLEAN; SKIPPING CHECKS
clean, 241102 free (46 frags, 30132 blocks, 0.0% fragmentation)
Thu Sep 28 01:15:41 UTC 2017
Running recovery script …
machdep.bootsuccess: 1 -> 1

Performing initialization of management services …

Performing checkout of management services …

NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the ‘configure’ command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE: configure
NOTE: set system root-authentication plain-text-password
NOTE: (enter the new password when asked)
NOTE: commit
NOTE: exit
NOTE: exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system

Starting CLI …
root>

One here you may now enter edit mode and set a new root password. Once you have set the password, go ahead and commit it and then reboot.  At that time your new root password will allow you to access the device.

root> edit
Entering configuration mode

[edit]
root# set system root-authentication plain-text-password
New password: juniper123
Retype new password: juniper123

[edit]
root# commit and-quit
commit complete
Exiting configuration mode

root> request system reboot in 0
Reboot the system in 0? [yes,no] (no) yes

Shutdown NOW!
[pid 1651]

When the router reboots, you will need to press the space-bar to get into the loader> prompt to re-enable the watchdog service using the command watchdog enable and then you can boot the SRX by issuing boot.

Hit [Enter] to boot immediately, or space bar for command prompt.

Type ‘?’ for a list of commands, ‘help’ for more detailed help.
loader> watchdog enable
loader> boot

Once it has finished booting, you should be able to log in as root with your new password.

Amnesiac (ttyu0)

login: root
Password:

— JUNOS 12.3X48-D45.6 built 2017-02-19 01:11:50 UTC
root@%

That is all there is to it.  Not as simple as confreg 0x2142 in Cisco, but still not too bad.