Establishing Root Password Access

As Crypto Officer, the administrator must establish a root password conforming to the FIPS password requirements in Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode. When the administrator enables FIPS mode in Junos OS on the device, the administrator cannot configure passwords unless they meet this standard.

Local passwords are encrypted with the secure hash algorithm SHA-256 or SHA-512. Password recovery is not possible in Junos OS in FIPS mode. Junos OS in FIPS mode cannot boot into single-user mode without the correct root password.

After the administrator logs in, configure the root (superuser) password to be used to access the NFX device as follows:

  1. Log in to the device if the administrator has not already done so, and enter configuration mode:
  2. Configure the root password by including the root-authentication statement at the [edit system] hierarchy level and selecting one of the password options.
    • To configure a plain-text password, select the plain-text-password option. Enter and confirm the password at the prompts.

      Ensure that the administrator follows the password guidelines in Understanding Password Specifications and Guidelines for Junos OS in FIPS Mode.

    • After zeroize, the device is in 'Amnesiac' mode. There are no configurations on the device. Connection is possible only on the console port.

      To log in to the device in 'Amnesiac' mode, type root at the login: prompt and, when prompted for a password, press the Return key. There is no default password for the root user in 'Amnesiac' mode. The root authentication has to be configured before further configurations can be committed. There are no services enabled in the 'Amnesiac' state that allow users to connect to the device. The default configuration has SSH services enabled, but since there are no users configured, login is not possible.

  3. If the administrator has finished configuring the NFX device, commit the configuration and quit:
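
The three steps above as one console session, with a check of the stored hash before committing. This is an added example, not taken from the original page: the prompts assume a device with no host name configured, the `show` and `commit check` steps are additions to the procedure, and the `<salt>` and `<hash>` fields are placeholders.

```text
# Constructed console session (added example, not from the original page).
# Password input is not echoed at the "New password" prompts.
root> configure
Entering configuration mode

[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:

# Added check: confirm only a hash is stored (<salt>/<hash> are placeholders).
[edit]
root# show system root-authentication
encrypted-password "$6$<salt>$<hash>"; ## SECRET-DATA

# Added check: validate the candidate configuration before committing.
[edit]
root# commit check
configuration check succeeds

[edit]
root# commit
commit complete

[edit]
root# quit
Exiting configuration mode

root>
```

A stored value beginning with `$5$` (SHA-256) or `$6$` (SHA-512) matches the hash algorithms named above; the plain-text password itself never appears in the configuration.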