How to recover the Root Password for SRX Firewall Devices

If you forget the root password for an SRX firewall device, you can use the password recovery procedure to reset the root password. This procedure also involves disabling the watchdog functionality to allow the system to properly boot into single-user mode

Procedure to follow

Power on the device by pressing the power button on the front panel. Verify that the POWER LED on the front panel turns green.The device’s boot sequence on your management device appears on the terminal emulation screen.

When the autoboot completes, press the Spacebar a few times to access the bootstrap loader prompt.

In operational mode, disable the watchdog functionality and enter boot -s to start up the system in single-user mode.

loader>boot -s

The SRX firewall device will start up in single-user mode.

Enter recovery to start the root password recovery procedure.

System watchdog timer disabled.
Enter full pathname of shell or ‘recovery’ for root password recovery or RETURN for /bin/sh: recovery

Enter configuration mode in the CLI.

Sponsored Link

Set the root password.

[edit]
user@host# set system root-authentication plain-text-password

Enter the new root password.

New password: juniper1
Retype new password:

At the second prompt, reenter the new root password.

If you are finished configuring the network, commit the configuration.

root@host# commit

commit complete

Exit from configuration mode and Exit from operational mode.

Enter y to reboot the device.

Reboot the system? [y/n] y

The start up messages display on the screen.

Once again, press the Spacebar a few times to access the bootstrap loader prompt.

In operational mode, enable the watchdog functionality and enter boot to start up the system.

loader>watchdog enable

loader>boot

The SRX firewall device starts up again and prompts you to enter a user name and password. Enter the newly configured password:

Deviceabc (ttyu0)
login: root
Password: juniper1

Sponsored Link

Leave a comment

Your email address will not be published. Required fields are marked *