Zeroizing the System
The request system zeroize command is a standard Junos OS operational mode command that you can use to revert a router to the factory-default configuration. The operation unlinks all user-created data files, including customized configuration and log files, from their directories. The router then reboots and reverts to the factory-default configuration. Your device is not considered a valid cryptographic module until all critical security parameters (CSPs) have been entered while the device is running the Junos OS in FIPS mode.
You must zeroize the system to remove all plain-text passwords, secret data, and private keys and CSPs, when no longer required.
The security administrator runs the request system zeroize command to remove all user-created files from a device and replace the user data with zeros. This command completely erases all configuration information on the Routing Engines, including all rollback configuration files and plain-text passwords, secret data, and private keys and CSPs for SSH, local encryption, local authentication, IPsec, and SNMP.
To zeroize your device:
Perform system zeroization with care. After the zeroization process is complete, no data is left on the Routing Engine. The device is returned to the factory default state, without any configured users or configuration files.
- Login to the router with your Crypto-Officer “co”
credentials and issue below command to zeroize the router.
co@userhost> request system zeroize
warning: System will be rebooted and may not boot without configuration
Erase all data, including configuration and log files? [yes, no] (no)
warning: zeroizing re0
- When the system finishes rebooting and performing self-tests, proceed with secure configuration.