Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Recovering Root Password

 

If you forget the root password for a device running Junos OS, you can use the password recovery procedure to reset the root password. Read this topic to understand how to recover root password.

Recovering the Root Password

If you forget the root password for the router, you can use the password recovery procedure to reset the root password.

Before you begin, note the following:

 

To recover the root password:

  1. Power off the router by pressing the power button on the front panel.
  2. Turn off the power to the management device, such as a PC or laptop computer, that you want to use to access the CLI.
  3. Plug one end of the Ethernet rollover cable supplied with the router into the RJ-45–to–DB-9 serial port adapter supplied with the router.
  4. Plug the RJ-45–to–DB-9 serial port adapter into the serial port on the management device.
  5. Connect the other end of the Ethernet rollover cable to the console port on the router.
  6. Turn on the power to the management device.
  7. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal) and select the appropriate COM port to use (for example, COM1).
  8. Configure the port settings as follows:
    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  9. Power on the router by pressing the power button on the front panel.

    Verify that the POWER LED on the front panel turns green.

    The terminal emulation screen on your management device displays the router’s boot sequence.

  10. When the following prompt appears, press the Spacebar to access the router’s bootstrap loader command prompt:

    Depending on your device hardware, the bootstrap loader might proceed quite quickly at this step without pausing for input. Therefore, you might need to press the spacebar multiple times at the beginning of the boot sequence.

  11. At the following prompt, type boot -s to start the system in single-user mode.
    ok boot -s
  12. At the following prompt, type recovery to start the root password recovery procedure.
    Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery
  13. Enter configuration mode in the CLI.
  14. Set the root password.

    When you configure a plain-text password, Junos OS encrypts the password for you.

    Caution

    Do not use the encrypted-password option unless the password is already encrypted, and you are entering the encrypted version of the password. If you commit the encrypted-password option with a plain-text password or with blank quotation marks (" "), you will not be able to log in to the device as root, and you will need to repeat this password recovery process.

  15. At the following prompt, enter the new root password, for example:
    New password: password
  16. At the second prompt, reenter the new root password.
  17. After you have finished configuring the password, commit the configuration.
    root@host# commit
  18. Exit configuration mode in the CLI.
  19. Exit operational mode in the CLI.
  20. At the prompt, type y to reboot the router.
    Reboot the system? [y/n] y

Recovering the Root Password on Junos OS with Upgraded FreeBSD

If you forget the root password for a device running Junos OS with Upgraded FreeBSD, you can use the password recovery procedure to reset the root password.

For the list of Junos OS devices with upgraded FreeBSD, see Junos kernel upgrade to FreeBSD 10+

Note

You need console access to recover the root password.

Note

This password recovery procedure only applies to devices running Junos OS with Upgraded FreeBSD. For password recovery on Junos OS devices, see Recovering the Root Password.

To recover the root password:

  1. Power off the router by pressing the power button on the front panel.
  2. Turn off the power to the management device, such as a PC or laptop computer, that you want to use to access the CLI.
  3. Plug one end of the Ethernet rollover cable supplied with the router into the RJ-45–to–DB-9 serial port adapter supplied with the router.
  4. Plug the RJ-45–to–DB-9 serial port adapter into the serial port on the management device.
  5. Connect the other end of the Ethernet rollover cable to the console port on the router.
  6. Turn on the power to the management device.
  7. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal) and select the appropriate COM port to use (for example, COM1).
  8. Configure the port settings as follows:
    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  9. Power on the router by pressing the power button on the front panel.

    Verify that the POWER LED on the front panel turns green.

    The terminal emulation screen on your management device displays the router’s boot sequence.

  10. Access the Junos Main Menu.
    • Prior to Junos OS Release 17.3, the Junos Main Menu appears for 3 seconds on startup before automatically booting the Junos volume. Press any key within the 3 second window to stop the autotmatic boot sequence and display the Junos Main Menu.

      Note

      The Junos Main Menu will appear every time you reboot the router while connected to the console.

    • Starting in Junos OS Release 17.3, press Ctrl+c at the following part in the reboot to bring up the Junos Main Menu:

  11. At the Junos Main Menu, press the M or 5 key to activate the 5. [M]ore options menu:
  12. Press the C or 2 key to access the 2. Recovery mode - [C]LI option. The router will reboot into CLI recovery mode.
  13. When prompted, press the Enter key to immediately boot the router, or press any other key to bring up the command prompt.
  14. Enter configuration mode in the CLI.
    root># configure
  15. Set the root password.

    When you configure a plain-text password, Junos OS encrypts the password for you.

    Caution

    Do not use the encrypted-password option unless the password is already encrypted, and you are entering the encrypted version of the password. If you commit the encrypted-password option with a plain-text password or with blank quotation marks (" "), you will not be able to log in to the router as root, and you will need to repeat this password recovery process.

  16. At the following prompt, enter the new root password, for example:
    New password: password
  17. At the second prompt, reenter the new root password.

Recovering the Root Password for Junos OS Evolved

This procedure resets the root password without resetting the device configuration to the factory default configuration. Only the root password is reset to a value you enter. None of the other functions nor the state of the device are affected.

Connecting to the Serial Port

The first task in the password reset operation is to connect to the serial port of the device.

To connect to the serial port:

  1. Power off the router by pressing the power button on the front panel.
  2. Turn off the power to the management device, such as a PC or laptop computer, that you want to use to access the CLI.
  3. Plug one end of the Ethernet rollover cable supplied with the router into the RJ-45–to–DB-9 serial port adapter supplied with the router.
  4. Plug the RJ-45–to–DB-9 serial port adapter into the serial port on the management device.
  5. Connect the other end of the Ethernet rollover cable to the console port on the router.
  6. Turn on the power to the management device.
  7. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal) and select the appropriate COM port to use (for example, COM1).
  8. Configure the port settings as follows:
    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  9. Power on the router by pressing the power button on the front panel.

    Verify that the POWER LED on the front panel turns green. The terminal emulation screen on your management device displays the router’s boot sequence.

Recovering the Root Password

The password reset operation is triggered early in the boot process, The actual password reset is done in the shell.

To recover the root password for Junos OS Evolved:

  1. Do a hard reboot of the Routing Engine (that is, reboot a device that is not running) .

    On the terminal, you see this screen:

  2. Use the arrow keys to scroll down to the Primary [Recover password] option and press Enter.
  3. Enter the new password, and then retype the new password and Enter.

    The reboot will proceed until the login prompt is displayed.

  4. Enter your login ID, and then your password.

    You will see a shell prompt.

  5. To start the CLI, enter cli.

Troubleshooting Loss of the Root Password

Problem

Description: If you forget the root password for a switch, use the password recovery procedure to reset the root password.

Note

You need physical access to the switch to recover the root password.

Tip

For a video on recovering the root password for routers, see Root Password. The procedure is similar for switches.

Solution

To recover the root password:

  1. Power off your switch by unplugging the power cord or turning off the power at the wall switch.
  2. Insert one end of the Ethernet cable into the serial port on the management device and connect the other end to the console port on the back of the switch. See Figure 1.
    Figure 1: Connecting to the Console Port on the EX Series Switch
    Connecting to
the Console Port on the EX Series Switch
  3. On the management device, start your asynchronous terminal emulation application (such as Microsoft Windows Hyperterminal) and select the appropriate COM port to use (for example, COM1).
  4. Configure the port settings as follows:
    • Bits per second: 9600

    • Data bits: 8

    • Parity: None

    • Stop bits: 1

    • Flow control: None

  5. Power on your switch by plugging in the power cord or turning on the power at the wall switch.Note

    On EX2300 and EX3400 switches after step 5, use the following procedure:

    In the main menu that appears, select [M]ore options > Recovery mode - [C]LI.

    A series of messages describe consistency checks, mounting of filesystems, and initialization and checkout of management services. Then the CLI prompt appears.

    Proceed to Step 9 in this procedure.

  6. When the following prompt appears, press the Spacebar to access the switch's bootstrap loader command prompt:
    Note

    If the switch is in unattended mode for U-Boot, access to the bootstrap loader command prompt is blocked. If the root password is lost, you must reset the switch to the factory default configuration using the LCD panel. For more information, see Reverting to the Default Factory Configuration for the EX Series Switch.

  7. At the following prompt, type boot -s to start up the system in single-user mode:



    loader> boot -s

  8. At the following prompt, type recovery to start the root password recovery procedure:



    Enter full path name of shell or ’recovery’ for root password recovery or RETURN for /bin/sh: recovery

    A series of messages describe consistency checks, mounting of filesystems, and initialization and checkout of management services. Then the CLI prompt appears.

  9. Enter configuration mode in the CLI:



    user@switch> configure

  10. Set the root password. For example:



    user@switch# set system root-authentication plain-text-password
  11. At the following prompt, enter the new root password. For example, juniper1:



    user@switch# juniper1
  12. At the second prompt, reenter the new root password.
  13. If you are finished configuring the network, commit the configuration.



    root@switch# commit
  14. Exit configuration mode in the CLI.



    root@switch# exit
  15. Exit operational mode in the CLI.



    root@switch> exit
  16. At the prompt, enter y to reboot the switch.



    Reboot the system? [y/n] y