Juniper root password recovery

Losing a password is something we have all faced at least once. It could be an email password, an Amazon password, or any other kind of password. Administrators may likewise forget the password of the root account on a Juniper Junos device. If you can no longer log in to the Juniper router as a superuser, you cannot configure it, change its configuration, troubleshoot it, and so on.

For this reason, Juniper provides a way to recover the password without losing the current configuration on the router. Let me show you how to do that.

I am still connected using the console cable to the console port. The first thing you need to do is reboot the router and wait until the boot output reaches the point highlighted in red below, then press the space bar a couple of times. This takes you to the loader, from where you can start the password recovery process:

Initializing memory this may take some time…

Measured DDR clock 266.62 MHz

SRX_210HE2 board revision major:1, minor:6, serial #: ACKR5761

OCTEON CN5020-SCP pass 1.1, Core clock: 600 MHz, DDR clock: 266 MHz (532 Mhz data rate)

DRAM:  2048 MB

Starting Memory POST…

Checking datalines… OK

Checking address lines… OK

Checking 512K memory for U-Boot… OK.

Running U-Boot CRC Test… OK.

Flash:  4 MB

USB:   scanning bus for devices… 3 USB Device(s) found

scanning bus for storage devices… 1 Storage Device(s) found

Clearing DRAM…….. done

BIST check passed.

Starting PCI

PCI Status: PCI 32-bit

PCI BAR 0: 0xf8000000, PCI BAR 1: Memory 0x00000000  PCI 0x00000000

Boot Media: nand-flash usb

Net:   octeth0

POST Passed

Press SPACE to abort autoboot in 1 seconds

ELF file is 32 bit

Loading .text @ 0x8f0000a0 (246560 bytes)

Loading .rodata @ 0x8f03c3c0 (14144 bytes)

Loading .reginfo @ 0x8f03fb00 (24 bytes)

Loading .rodata.str1.4 @ 0x8f03fb18 (16516 bytes)

Loading set_Xcommand_set @ 0x8f043b9c (96 bytes)

Loading .rodata.cst4 @ 0x8f043bfc (20 bytes)

Loading .data @ 0x8f044000 (5744 bytes)

Loading @ 0x8f045670 (120 bytes)

Loading .data.rel @ 0x8f0456e8 (136 bytes)

Clearing .bss @ 0x8f045770 (11600 bytes)

## Starting application at 0x8f0000a0 …

Consoles: U-Boot console

Found compatible API, ver. 2.5

FreeBSD/MIPS U-Boot bootstrap loader, Revision 2.5

(, Tue Apr  2 12:36:46 PDT 2013)

Memory: 2048MB

[1]Booting from nand-flash slice 2

Un-Protected 1 sectors

writing to flash…

Protected 1 sectors

Loading /boot/defaults/loader.conf

/kernel data=0xb027a0+0x134470 syms=[0x4+0x8a870+0x4+0xc8c74]

Hit [Enter] to boot immediately, or space bar for command prompt.

Type ‘?’ for a list of commands, ‘help’ for more detailed help.


Once you are in the loader, you can type “?” to see which commands you can use.

loader> ?

Available commands:

watchdog         enable or disable kernel watchdog

bcachestat       get disk block cache stats

boot                boot a file or loaded kernel

autoboot         boot automatically after a delay

help               detailed help

?                    list commands

show             show variable(s)

set                 set a variable

unset             unset a variable

echo              echo arguments

read              read input from the terminal

more             show contents of a file

nextboot        set next boot device

lsdev            list all devices

install          install JunOS

include        read commands from a file

ls                 list files

load             load a kernel or module

unload         unload all modules

lsmod          list loaded modules

export          export variables to U-Boot environment

save             save U-Boot environment

I will choose “boot -s”:

loader> boot -s

This takes me to recovery mode, where I can recover the password.

A lot of output will load on the console emulator screen before it reaches this point:


System watchdog timer disabled

Enter full pathname of shell or ‘recovery’ for root password recovery or RETURN for /bin/sh:

Now all you need to do is type “recovery” to be able to recover the root password.


System watchdog timer disabled

Enter full pathname of shell or ‘recovery’ for root password recovery or RETURN for /bin/sh: recovery

You have to wait a bit here as well, as a lot of output will load on the screen.

On some Juniper routers it may ask you to enter the new password that you want, and on others it takes you to the root operational mode. On my router, it took me to the root operational mode:

root@R1> edit

Entering configuration mode



I typed “edit” to go to configuration mode, and now I can set the password that I want. Let’s enter the command to set the password to “Juniper123456789”:

root@R1# set system root-authentication plain-text-password

New password:

Retype new password:


root@R1# commit

commit complete



I have changed the password and committed the configuration so it is saved. I will log out and try to log in again after the router has been rebooted to see if the password that I used is working now.

root@R1# quit

Exiting configuration mode

root@R1> quit

Reboot the system? [y/n] y

Now my Juniper router has been rebooted successfully. Let me log in using the password that I changed it to, which is “Juniper123456789”:

R1 (ttyu0)

login: root


— JUNOS 12.1X44-D15.5 built 2013-06-06 18:07:29 UTC


It is working 100%. I could log in and the old configuration is still saved on the router; only the root password has changed.

This is all I wanted to show about Juniper root password recovery. This chapter is finished, see you in the upcoming one 😊
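
An added example, not part of the original tutorial: a small Python check that a captured console session log can be run through to spot the recovery sequence walked through above. It matches only the console strings shown on this page; the function name, verdict labels and sample sessions are constructed for illustration.

```python
import re

# Recovery stages in the order the console shows them on this page.
STAGES = [
    ("single_user_boot",  re.compile(r"^loader>\s*boot\s+-s\b")),
    ("recovery_selected", re.compile(r"RETURN for /bin/sh:\s*recovery$")),
    ("root_auth_changed", re.compile(r"#\s*set system root-authentication\b")),
    ("committed",         re.compile(r"^commit complete$")),
]

def audit_console_log(text):
    """Return (stages seen in order, verdict) for one captured console session."""
    seen = []
    for raw in text.splitlines():
        line = raw.strip()
        # Only the next expected stage can match, so order is enforced.
        if len(seen) < len(STAGES) and STAGES[len(seen)][1].search(line):
            seen.append(STAGES[len(seen)][0])
    if len(seen) == len(STAGES):
        verdict = "recovery_completed"
    elif seen:
        verdict = "recovery_attempted"
    else:
        verdict = "no_recovery"
    return seen, verdict

# Constructed sample sessions (hypothetical captures built from the prompts above).
PROMPT = ("Enter full pathname of shell or 'recovery' for root password "
          "recovery or RETURN for /bin/sh:")
RECOVERY_LOG = "\n".join([
    "loader> boot -s",
    "System watchdog timer disabled",
    PROMPT + " recovery",
    "root@R1> edit",
    "root@R1# set system root-authentication plain-text-password",
    "root@R1# commit",
    "commit complete",
])
# Ordinary password change by a logged-in admin: no single-user boot precedes it.
NORMAL_CHANGE_LOG = "\n".join([
    "root@R1# set system root-authentication plain-text-password",
    "commit complete",
])
# Single-user boot where the prompt was never answered with "recovery".
ABORTED_LOG = "\n".join(["loader> boot -s", PROMPT])

if __name__ == "__main__":
    for name, log in [("recovery", RECOVERY_LOG), ("normal", NORMAL_CHANGE_LOG),
                      ("aborted", ABORTED_LOG)]:
        print(name, audit_console_log(log))
```

Because each stage is only matched after the previous one, a routine root password change made from a normal login is not reported as a recovery.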
