JunOS: How to recover root password for Junos versions 4.X or above
Summary:
How to recover root password for Junos versions 4.X or above
Problem or Goal:
How to recover root password
Solution:
Summary of steps:
- Get console access
- Power up the system
- Enter pathname
- The system will boot up
- Configuration Mode
- For routers running Junos 5.X and above
- Reboot the system
- From console, interrupt the boot routine:
Hit [Enter] to boot immediately, or any other key for command prompt. Booting [kernel] in 9 seconds... < Press the space bar at this point > - Enter into single-user mode:
Type '?' for a list of commands, 'help' for more detailed help. ok boot -s - If you have the following system output, enter
recovery,hit enter and skip to step 8.Otherwise continue with next step.
System watchdog timer disabled Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery - Enter the shell:
System watchdog timer disabled Jan 1 00:36:47 init: /etc/spwd.db: No such file or directory Enter full pathname of shell or RETURN for /bin/sh: - Mount the virtual file systems (for Junos 5.4 and above, it is not necessary to mount the jbase package, however the other packages still need to be mounted):
NOTE: to go to multi-user operation, exit the single-user shell (with ^D) # cd /packages # ./mount.jbase Mounted jbase package on /dev/vn1... # ./mount.jkernel Mounted jkernel package on /dev/vn2... # ./mount.jroute Mounted jroute package on /dev/vn3... - Enter recovery mode:
# /usr/libexec/ui/recovery-mode
- Enter configuration mode and change the root authentication password:
root> configure Entering configuration mode [edit] root# set system root-authentication plain-text-password New password: Retype new password: - Commit the changes, and exit configuration mode
[edit] root # commit commit complete [edit] root@router# exit Exiting configuration mode root@router> exit - Exit recovery mode and enter ‘y’ when prompted to reboot the system:
Reboot the system? [y/n] y TerminatedThe system now reboots and changes made to root authentication are activated.
- For routers running Junos 4.X.
- Obtain console access
- Power off the system and boot it up in single user mode. This is done by typing “-s” at the boot: prompt.
Example:
>> BOOT @ 0x10000: 639/64512 k of memory, serial/dual console Boot default: 0:wd(0,a)kernel Usage: bios_drive:interface(unit,partition)kernel_name options interface fd, wd or sd unit 0, 1, ... partition a, c, ... kernel_name name of kernel, or ? for list of files in root directory options -c (userconfig) -s (single user) -v (verbose) -D (dual consoles) -h (alternate console) -P (probe kbd) boot: -s <====== Type "-s" - Next, the system will run the normal bootup process. When prompted for
pathnameenter:/usr/libexec/ui/recovery-mode
This will run a script for password recovery.
Enter pathname of shell or RETURN for sh: /usr/libexec/ui/recovery-mode
- The system will finish booting up and display the
root>prompt.... ... NOTE: the system Starting CLI ... root> - Enter configuration mode and edit or delete the root authentication password.
root> configure Entering configuration mode [edit] root# delete system root-authentication [edit] root# commit and-quit commit complete Exiting configuration mode - Finally, reboot the system.
root@congo3> request system reboot Reboot the system ? [yes,no] (no) yes
