As Crypto Officer, you run the request system
zeroize command to remove all user-created files from a device
and replace the user data with zeros. This command completely erases
all configuration information on the Routing Engines, including all
rollback configuration files and plain-text passwords, secrets, and
private keys for SSH, local encryption, local authentication, and
IPsec.
To zeroize your device:
CAUTION:
Perform system zeroization with care. After the zeroization
process is complete, no data is left on the Routing Engine. The device
is returned to the factory default state, without any configured users
or configuration files.
- From the CLI, enter:

    root@user> request system zeroize
    warning: System will be rebooted and may not boot without configuration
    Erase all data, including configuration and log files? [yes,no] (no) yes
    re0:

- To initiate the zeroization process, type yes at the prompt:

    Erase all data, including configuration and log files? [yes, no] (no) yes
    re0:
    --------------------------------------------------------------------------
    warning: zeroizing re0
    ...
    ...

The entire operation can take considerable time depending on
the size of the media, but all critical security parameters (CSPs)
are removed within a few seconds. The physical environment must remain
secure until the zeroization process is complete.