As Crypto Officer, you must establish a root password conforming to the FIPS password
requirements in Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode. When you enable
FIPS mode in Junos OS on the device, you cannot configure passwords unless they meet
this standard.
Local passwords are encrypted with the secure hash
algorithm SHA-1, SHA-256 or SHA-512. Password recovery is not possible
in Junos OS in FIPS mode. Junos OS in FIPS mode cannot boot into single-user
mode without the correct root password.
After you log in, configure the root (superuser) password
to be used to access the NFX350 device as follows:
- Log in to the device if you have not already done so,
and enter configuration mode:
{master:0}
host-name> configure
Entering configuration mode
- Configure the root password by including the root-authentication
statement at the [edit system] hierarchy level and selecting
one of the password options.
To configure a plain-text password, select the plain-text-password
option. Enter and confirm the password at the prompts.
{master:0}
[edit system]
host-name# set root-authentication plain-text-password
New password: type password here
Retype new password: retype password here
Ensure that you follow the password guidelines in Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode.
To configure public keys for SSH authentication of root
logins, use the ssh-ecdsa option. You can configure more
than one public key for SSH authentication of root logins and for
user accounts. When a user logs in as root, the public
keys are referenced to determine whether the private key matches any
of them.
- If you are finished configuring the NFX350 device, commit
the configuration and quit:
{master:0}
[edit]
host-name# commit
commit complete
host-name# quit
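
A pre-flight check for the ssh-ecdsa step above, as an added example that is not part of the Juniper documentation: it confirms that a pasted OpenSSH public key line is a structurally well-formed ECDSA key before building the set command for the [edit system] level. The function names and the sample key (a dummy point, not a real key) are constructed for illustration, and the three NIST curve key types are the ones OpenSSH defines for ECDSA.

```python
import base64

# Uncompressed EC point length for each OpenSSH ECDSA key type (RFC 5656).
POINT_LEN = {
    "ecdsa-sha2-nistp256": 65,
    "ecdsa-sha2-nistp384": 97,
    "ecdsa-sha2-nistp521": 133,
}


def _read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    end = offset + 4 + int.from_bytes(blob[offset:offset + 4], "big")
    if offset + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def junos_root_ecdsa_command(pubkey_line):
    """Validate an OpenSSH ECDSA public key line; return the set command."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] not in POINT_LEN:
        raise ValueError("not an ECDSA public key line")
    key_type = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:
        raise ValueError("key data is not valid base64") from exc
    inner_type, off = _read_string(blob, 0)
    curve, off = _read_string(blob, off)
    point, off = _read_string(blob, off)
    if (inner_type, curve) != (key_type.encode(), key_type.rsplit("-", 1)[1].encode()):
        raise ValueError("key type or curve does not match the key blob")
    if off != len(blob) or len(point) != POINT_LEN[key_type] or point[0] != 0x04:
        raise ValueError("malformed EC point")
    if '"' in pubkey_line:
        raise ValueError("unexpected quote in key line")
    return 'set root-authentication ssh-ecdsa "%s"' % " ".join(fields)


def sample_key_line(key_type="ecdsa-sha2-nistp256", comment="admin@example"):
    """Constructed sample: valid structure with a dummy point, not a real key."""
    def s(b):
        return len(b).to_bytes(4, "big") + b
    curve = key_type.rsplit("-", 1)[1].encode()
    point = b"\x04" + bytes(POINT_LEN[key_type] - 1)
    blob = s(key_type.encode()) + s(curve) + s(point)
    return "%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)
```

The check covers structure only (key type, curve label, point length); it does not verify that the point lies on the curve or that the key belongs to the intended administrator.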