Losing a password is something we have all faced at least once, whether it is an email password, an Amazon password, or any other kind. Administrators can likewise forget the password of the root account on a Juniper Junos device. If you can no longer log in to the Juniper router as a superuser, you cannot configure it, change its configuration, troubleshoot it, and so on.
For this reason, Juniper provides a way to recover the password without losing the current configuration on the router. Let me show you how to do that.
I am still connected to the console port with the console cable. The first thing to do is reboot the router, wait until the boot output reaches the point highlighted in red below, and then press the space bar a couple of times. This takes you to the loader, from where you can start the password recovery process:
Initializing memory this may take some time…
Measured DDR clock 266.62 MHz
SRX_210HE2 board revision major:1, minor:6, serial #: ACKR5761
OCTEON CN5020-SCP pass 1.1, Core clock: 600 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM: 2048 MB
Starting Memory POST…
Checking datalines… OK
Checking address lines… OK
Checking 512K memory for U-Boot… OK.
Running U-Boot CRC Test… OK.
Flash: 4 MB
USB: scanning bus for devices… 3 USB Device(s) found
scanning bus for storage devices… 1 Storage Device(s) found
Clearing DRAM…….. done
BIST check passed.
Starting PCI
PCI Status: PCI 32-bit
PCI BAR 0: 0xf8000000, PCI BAR 1: Memory 0x00000000 PCI 0x00000000
Boot Media: nand-flash usb
Net: octeth0
POST Passed
Press SPACE to abort autoboot in 1 seconds
ELF file is 32 bit
Loading .text @ 0x8f0000a0 (246560 bytes)
Loading .rodata @ 0x8f03c3c0 (14144 bytes)
Loading .reginfo @ 0x8f03fb00 (24 bytes)
Loading .rodata.str1.4 @ 0x8f03fb18 (16516 bytes)
Loading set_Xcommand_set @ 0x8f043b9c (96 bytes)
Loading .rodata.cst4 @ 0x8f043bfc (20 bytes)
Loading .data @ 0x8f044000 (5744 bytes)
Loading .data.rel.ro @ 0x8f045670 (120 bytes)
Loading .data.rel @ 0x8f0456e8 (136 bytes)
Clearing .bss @ 0x8f045770 (11600 bytes)
## Starting application at 0x8f0000a0 …
Consoles: U-Boot console
Found compatible API, ver. 2.5
FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.5
(slt-builder@slt-junos15.juniper.net, Tue Apr 2 12:36:46 PDT 2013)
Memory: 2048MB
[1]Booting from nand-flash slice 2
Un-Protected 1 sectors
writing to flash…
Protected 1 sectors
Loading /boot/defaults/loader.conf
/kernel data=0xb027a0+0x134470 syms=[0x4+0x8a870+0x4+0xc8c74]
Hit [Enter] to boot immediately, or space bar for command prompt.
Type '?' for a list of commands, 'help' for more detailed help.
loader>
Once you are in the loader, you can type “?” to see which commands are available.
loader> ?
Available commands:
watchdog enable or disable kernel watchdog
bcachestat get disk block cache stats
boot boot a file or loaded kernel
autoboot boot automatically after a delay
help detailed help
? list commands
show show variable(s)
set set a variable
unset unset a variable
echo echo arguments
read read input from the terminal
more show contents of a file
nextboot set next boot device
lsdev list all devices
install install JunOS
include read commands from a file
ls list files
load load a kernel or module
unload unload all modules
lsmod list loaded modules
export export variables to U-Boot environment
save save U-Boot environment
I will choose “boot -s”:
loader> boot -s
This takes me to recovery mode, where I can recover the password.
A lot of output will scroll past in the console emulator before it reaches this point:
***** FILE SYSTEM MARKED CLEAN *****
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:
Now all you need to do is type “recovery” to recover the root password.
***** FILE SYSTEM MARKED CLEAN *****
System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
Here too you have to wait a bit, as a lot of output will load on the screen.
On some Juniper routers it may ask you to enter the new password you want, and on others it takes you to the root operational mode. On my router, it took me to the root operational mode:
root@R1> edit
Entering configuration mode
[edit]
root@R1#
I typed “edit” to go to configuration mode, and now I can set the password that I want. Let’s enter the command to set the password to “Juniper123456789”:
root@R1# set system root-authentication plain-text-password
New password:
Retype new password:
[edit]
root@R1# commit
commit complete
[edit]
root@R1#
I have changed the password and committed the configuration, so it is saved. I will log out and, after the router has rebooted, try to log in again to see whether the new password works.
root@R1# quit
Exiting configuration mode
root@R1> quit
Reboot the system? [y/n] y
Now my Juniper router has rebooted successfully. Let me log in using the password that I set, which is “Juniper123456789”:
R1 (ttyu0)
login: root
Password:
--- JUNOS 12.1X44-D15.5 built 2013-06-06 18:07:29 UTC
root@R1%
It is working 100%. I could log in, and the old configuration is still saved on the router; only the root password has changed.
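To check that result, and to deal with the flip side of this procedure (console access plus a reboot is enough to reset root), here is an added Junos CLI session that is not part of the original walkthrough. It reuses this page's hostname R1, shows commands only, and assumes a separate superuser account already exists before the console is marked insecure.

```junos
# Lines starting with "#" are annotations added here, not device output.
# From the shell prompt reached after login, start the CLI.
root@R1% cli

# Commit history: who committed, when, and through which method.
root@R1> show system commit

# Diff of the previous configuration (rollback 1) against the active one
# (rollback 0). After the recovery it should list only the change under
# "system root-authentication".
root@R1> show system rollback compare 1 0

# The stored value should be an encrypted-password hash, never plain text.
root@R1> show configuration system root-authentication

# Optional hardening when the console port is not physically protected.
# "insecure" disables root login on the console and prevents password
# recovery through single-user mode by someone who does not know the root
# password. Trade-off: the recovery shown on this page stops working, so
# make sure another superuser account can still log in (assumption).
root@R1> edit
root@R1# set system ports console insecure
# End the console session when the cable is unplugged.
root@R1# set system ports console log-out-on-disconnect
# Review the pending change before committing it.
root@R1# show | compare
root@R1# commit
```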
This is all I wanted to show about Juniper root password recovery. This chapter is finished, see you in the upcoming one 😊