As Security Administrator, you must establish a root password conforming to the FIPS
password requirements in Overview of Roles and Services for Junos OS Evolved in FIPS. When you enable
FIPS mode in Junos OS Evolved on the device, you cannot configure passwords unless they
meet this standard.
Local passwords are encrypted with the secure hash algorithm SHA256 or
SHA512.
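
The following Python script is an added example, not Juniper's code: it audits a configuration exported in set format and reports any local account whose stored password hash is not SHA256 or SHA512. It assumes the hashes are crypt-style strings ($5$ for SHA-256, $6$ for SHA-512, $1$ for MD5); the sample configuration, user names and hash values are constructed.

```python
import re

# crypt(3) scheme prefixes; only the SHA-2 variants match the statement above.
SCHEMES = {"1": "md5-crypt", "5": "sha256-crypt", "6": "sha512-crypt"}
ALLOWED = {"sha256-crypt", "sha512-crypt"}

# Matches set-format statements for the root account and for local users, e.g.
#   set system login user alice authentication encrypted-password "$6$salt$hash"
LINE_RE = re.compile(
    r'^set system (?:root-authentication|login user (?P<user>\S+) authentication)'
    r'\s+encrypted-password\s+"?(?P<hash>[^"\s]+)"?\s*$'
)

def classify(hash_value):
    """Return the crypt scheme name for a hash string, or 'unknown'."""
    m = re.match(r"^\$([0-9a-z]+)\$", hash_value)
    return SCHEMES.get(m.group(1), "unknown") if m else "unknown"

def audit(config_text):
    """Return (account, scheme, ok) for every local password hash found."""
    findings = []
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a local password statement
        account = m.group("user") or "root"
        scheme = classify(m.group("hash"))
        findings.append((account, scheme, scheme in ALLOWED))
    return findings

# Constructed sample input: salts and hashes are placeholders, not real digests.
SAMPLE_CONFIG = '''
set system host-name host
set system root-authentication encrypted-password "$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE"
set system login user secadmin class super-user
set system login user secadmin authentication encrypted-password "$5$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE"
set system login user legacy authentication encrypted-password "$1$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE"
'''

if __name__ == "__main__":
    for account, scheme, ok in audit(SAMPLE_CONFIG):
        status = "ok" if ok else "not SHA256/SHA512"
        print(f"{account:10} {scheme:13} {status}")
```
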
To enable FIPS mode in Junos OS Evolved on the device:
- Log in to the device using root.
host login: root
Password:
Last login: Tue May 28 15:44:39 IST 2024 from 10.32.196.40 on pts/0
--- JUNOS 23.4R1.10-EVO Linux (none) 5.2.60-yocto-standard-ge8e43b6 #1 SMP PREEMPT Sun Dec 17 00:14:17 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
[vrf:none] root@host:~#
[vrf:none] root@host:~# cli
root@host>
- Configure root authentication with a password of at least 10 characters.
root@host> edit
Entering configuration mode
[edit]
root@host# set system root-authentication plain-text-password
New password:
Retype new password:
[edit]
root@host# commit
commit complete
- Load the configuration onto the device and commit the new configuration. Configure the Security Administrator and log in with the Security Administrator credentials.
- Configure FIPS by entering set system fips level 1, and commit.
[edit]
root@hostname# set system fips level 1
- After you delete and reconfigure the CSPs, the commit goes through and the device needs a reboot to enter FIPS mode.
[edit]
security-administrator@host# commit
[edit]
system reboot is required to transition to FIPS level 1
commit complete
- Reboot the device:
[edit]
security-administrator@host# run request system reboot
- After the device reboots, the FIPS self-tests run and the device enters FIPS mode.
security-administrator@host:fips>