
Recover a Root Password

06-Nov-24

If you forget the root password, you can use the password recovery procedure to reset the root password.

Note:

You cannot perform root password recovery if you configure the console port as insecure.

After you configure the console port as insecure, if a user tries to perform a password recovery operation by booting in single-user mode, the device prompts for the root password. Additionally, if a user boots in CLI recovery mode, the operation is not allowed. Thus, only a user who knows the root password is able to log in. For more information, see Configuration Guidelines for Securing Console Port Access.

How to Recover the Root Password for Junos OS

If you forget the root password for the router, you can use the password recovery procedure to reset the root password.

Before you begin, note the following:

  • You need console access to recover the root password.

Video 1: How to Recover the Root Password in Junos OS

To recover the root password:

  1. Power off the router by pressing the power button on the front panel.
  2. Turn off the power to the management device (usually a computer) that you use to access the CLI.
  3. Plug one end of the Ethernet rollover cable (supplied with the router) into the RJ-45 to DB-9 serial port adapter supplied with the router.
  4. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device.
  5. Connect the other end of the Ethernet rollover cable to the console port on the router.
  6. Turn on the power to the management device.
  7. From the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal), and select the appropriate COM port to use (for example, COM1).
  8. Configure the port settings as follows:
    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  9. Power on the router by pressing the power button on the front panel.

    Verify that the POWER LED on the front panel turns green.

    The terminal emulation screen on your management device displays the router’s boot sequence.

  10. When the following prompt appears, press the Spacebar to access the router’s bootstrap loader command prompt.
    Hit [Enter] to boot immediately, or space bar for command prompt.
    Booting [kernel] in 9 seconds...
    
    Note:

    Depending on your device hardware, the bootstrap loader might proceed quickly at this step without pausing for input. Pay close attention to the prompts that appear and press the Spacebar immediately after seeing the above prompt flash on the screen.

  11. At the following prompt, type boot -s to start the system in single-user mode.
    boot -s
  12. At the following prompt, type recovery to start the root password recovery procedure.
    Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
  13. Enter configuration mode in the CLI.
  14. Set the root password.
    [edit]
    user@host# set system root-authentication plain-text-password
    

    When you configure a plain-text password, the system encrypts the password for you.

    CAUTION:

    Avoid using the encrypted-password option unless the password is already encrypted and you are entering the encrypted version of the password. If you commit the encrypted-password option with a plain-text password or with blank quotation marks (" "), you will not be able to log in to the device as root, and you will need to repeat this password recovery process.

  15. At the following prompt, enter the new root password. For example:
    New password: password
  16. At the second prompt, reenter the new root password.
    Retype new password:
  17. After you have finished configuring the password, commit the configuration.
    root@host# commit
    commit complete
  18. Exit configuration mode in the CLI.
  19. Exit operational mode in the CLI.
  20. At the prompt, type y to reboot the router.
    Reboot the system? [y/n] y 

How to Recover the Root Password on Junos OS with Upgraded FreeBSD

If you forget the root password for a device running Junos OS with Upgraded FreeBSD, you can use the password recovery procedure to reset the root password.

For the list of Junos OS devices with upgraded FreeBSD, see Junos kernel upgrade to FreeBSD 10+.

Note:

You need console access to recover the root password.

To recover the root password:

  1. Power off the router by pressing the power button on the front panel.
  2. Turn off the power to the management device (usually a computer) that you will use to access the CLI.
  3. Plug one end of the Ethernet rollover cable (supplied with the router) into the RJ-45 to DB-9 serial port adapter (supplied with the router).
  4. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device.
  5. Connect the other end of the Ethernet rollover cable to the console port on the router.
  6. Turn on the power to the management device.
  7. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal), and select the appropriate COM port to use (for example, COM1).
  8. Configure the port settings as follows:
    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  9. Power on the router by pressing the power button on the front panel.

    Verify that the POWER LED on the front panel turns green.

    The terminal emulation screen on your management device displays the router’s boot sequence.

  10. Access the Junos Main Menu.
    • Prior to Junos OS Release 17.3, the Junos Main Menu appears for 3 seconds on startup before automatically booting the Junos volume. Press any key within the 3 second window to stop the automatic boot sequence and display the Junos Main Menu.

      Note:

      The Junos Main Menu will appear every time you reboot the router while connected to the console.

    • Press Ctrl+c at the following part in the reboot to bring up the Junos Main Menu:

      FreeBSD/x86 bootstrap loader, Revision 1.1
      (builder@feyrith.juniper.net, Sun Feb  4 13:06:24 PST 2018)
      /
      Autoboot in 1 seconds... (press Ctrl-C to interrupt)
      
    1.  Boot [J]unos volume
    2.  Boot Junos volume in [S]afe mode
    
    3.  [R]eboot
    
    4.  [B]oot menu
    5.  [M]ore options
    
  11. At the Junos Main Menu, press the M or 5 key to activate the 5. [M]ore options menu:
    1.  Recover [J]unos volume
    2.  Recovery mode - [C]LI
    
    3.  Check [F]ile system
    
    4.  Enable [V]erbose boot
    
    5.  [B]oot prompt
    
    6.  [M]ain menu
    
  12. Press the C or 2 key to access the 2. Recovery mode - [C]LI option. The router will reboot into CLI recovery mode.
  13. When prompted, press the Enter key to immediately boot the router, or press any other key to bring up the command prompt.
  14. Enter configuration mode in the CLI.
    root> configure
    Entering configuration mode
  15. Set the root password.

    When you configure a plain-text password, Junos OS encrypts the password for you.

    [edit]
    root# set system root-authentication plain-text-password
    
    CAUTION:

    Do not use the encrypted-password option unless the password is already encrypted, and you are entering the encrypted version of the password. If you commit the encrypted-password option with a plain-text password or with blank quotation marks (" "), you will not be able to log in to the router as root, and you will need to repeat this password recovery process.

  16. At the following prompt, enter the new root password. For example:
    New password: password
  17. At the second prompt, reenter the new root password.
    Retype new password: password
  18. After you have finished configuring the password, commit the configuration.
    root@host# commit
    commit complete
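
The two cautions above (an `encrypted-password` value that is plain text or blank locks root out) and the note at the top of the page (an insecure console port blocks password recovery) can both be checked before a commit. The following linter is an added example, not Juniper code; it assumes set-format input, assumes the console statement is written `set system ports console insecure`, and assumes stored hashes use the `$1$`, `$5$` or `$6$` crypt formats.

```python
import re
import shlex

# crypt(3)-style hashes: $1$ (MD5), $5$ (SHA-256), $6$ (SHA-512).
# Assumption: these are the only formats the audited devices store.
CRYPT_HASH = re.compile(r"^\$(1|5|6)\$[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{22,86}$")

ROOT_AUTH = ["set", "system", "root-authentication"]
CONSOLE_INSECURE = ["set", "system", "ports", "console", "insecure"]


def audit_set_commands(config_text):
    """Return (line_number, finding) pairs for set-format configuration lines."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw)  # honours the quoting used in set commands
        except ValueError:
            findings.append((number, "unbalanced quotes, line not parsed"))
            continue
        if tokens == CONSOLE_INSECURE:
            findings.append((number, "console insecure: root password recovery is blocked"))
        elif tokens[:4] == ROOT_AUTH + ["encrypted-password"]:
            value = tokens[4] if len(tokens) > 4 else ""
            if not value.strip():
                findings.append((number, "blank encrypted-password: root login will fail"))
            elif not CRYPT_HASH.match(value):
                findings.append((number, "encrypted-password is not a hash: root login will fail"))
    return findings


# Constructed sample lines (not from a real device); the last hash is filler.
SAMPLE = "\n".join([
    "set system host-name lab-router",
    "set system ports console insecure",
    'set system root-authentication encrypted-password "Summer2024!"',
    'set system root-authentication encrypted-password " "',
    'set system root-authentication encrypted-password "$6$saltsalt$' + "A" * 86 + '"',
])

if __name__ == "__main__":
    for number, finding in audit_set_commands(SAMPLE):
        print(f"line {number}: {finding}")
```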

How to Recover the Root Password on Switches

Problem

Description

If you forget the root password for a switch, use the password recovery procedure to reset the root password.

Before you begin, note the following:

  • You need physical access to the switch to recover the root password.

Tip:

For a video on recovering the root password for routers, see Recovering the Root Password on Routers. The procedure is similar for switches.

Solution

To recover the root password:

  1. Power off your switch by unplugging the power cord or turning off the power at the wall switch.

  2. Insert one end of the Ethernet cable into the serial port on the management device and connect the other end to the console port on the back of the switch. See Figure 1.

    Figure 1: Connecting to the Console Port on the EX Series Switch
  3. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal). Then, select the appropriate COM port to use (for example, COM1).

  4. Configure the port settings as follows:

    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  5. Power on your switch by plugging in the power cord or turning on the power at the wall switch.

  6. When the following prompt appears, press the Spacebar to access the switch's bootstrap loader command prompt.

    Hit [Enter] to boot immediately, or space bar for command prompt.
    Booting [kernel] in 1 second...
    
    Note:

    If the switch is in unattended mode for U-Boot, access to the bootstrap loader command prompt is blocked. If the root password is lost, you must reset the switch to the factory default configuration using the LCD panel.

  7. At the following prompt, type boot -s to start up the system in single-user mode:

    loader> boot -s
  8. At the following prompt, type recovery to start the root password recovery procedure:

    Enter full path name of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

    A series of messages describe consistency checks, mounting of filesystems, and initialization and checkout of management services. Then the CLI prompt appears.

  9. Enter configuration mode in the CLI:

    user@switch> configure
  10. Set the root password.

    user@switch# set system root-authentication plain-text-password
  11. At the following prompt, enter the new root password:

    New password: password
  12. At the second prompt, reenter the new root password.

    Retype new password: password
  13. After you finish configuring the device, commit the configuration.

    root@switch# commit
    commit complete
  14. Exit configuration mode in the CLI.

    root@switch# exit
  15. Exit operational mode in the CLI.

    root@switch> exit
  16. At the prompt, enter y to reboot the switch.

    Reboot the system? [y/n] y