Friday, 15 February 2013

Recover Juniper SRX Lost root Password


How to reset a forgotten root password on a Juniper SRX security Gateway
I am going to write about something which does not happen very often, if it does it is good to have the right information at hand.
I was trying to replace a broken Juniper SRX 240, which is set in a HA cluster. I received the replacement in the office and set the root password.
I took the Firewall to the Data Center, placed it in the rack, powered it on, and for my surprise, I could not access it.
I tried all passwords I could remember, and various combinations, but I was not lucky that day.
It is frustrating, most the time I am organised and I take not of my password in my password manager, but this time I was in a hurry. I had loads to do and had to go back to the office.
After 30 minutes trying various different passwords I gave up and decided to try and break it.
In fact it was easier than I thought, but I thought in documenting it and sharing my experience or bad experience with everyone.
The First thing is to connect your device via serial port to your laptop.
1.      Connect your Juniper Firewall console port to your PC or laptop serial port.
2.      Power off your Juniper Firewall, by pressing the power buttom at the front
3.      I use putty to console to the firewalll, you can use any console program
4.      Power on your Juniper Firewall
5.      You will see your Juniper booting and loads of messages will scroll on your screen
6.      Press <spaceba> right as soon as the boot messages start to scroll
7.      You will see a prompt, similar to the one: loader>
8.      At the prompt, type in: boot -s (hit ENTER)
9.      You will see the following message:
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery (hit ENTER)
1.      Go to configuration mode by typeing in: root@srx100-01% cli (hit ENTER)
2.      Type: root@srx100-01> configure
3.      The prompt changes to: root@srx100-01#
4.      Set the new root password:
root@srx100-01# set system root-authentication plain-text-password (hit ENTER)
New password: newrootpassword
Retype new password: newrootpassword
5. At the command prompt, type:
root@srx100-01# commit (hit ENTER)
6. Exit configuration mode:
root@srx100-01# exit (hit ENTER)
7. Reboot your Juniper firewall, with the following command:
root@srx100-01> request system reboot
That is it folks. I hope this never will never happen to you, but if it does, you know what to do now.
by Renato de Oliveira

Posted by at

1 comment:

Subscribe to: Post Comments (Atom)