SRX password reset/recovery

Here are some basic steps to reset the password on an SRX firewall.

Note: If you are looking for a default password, there is no default password in SRX.
A new SRX out of the box has the root user with no password.

1) Reboot the box and press SPACE when you see the following screen to get to the loader prompt.

writing to flash...
Protected 1 sectors
Loading /boot/defaults/loader.conf
/kernel data=0x9f5c18+0xd8d68 syms=[0x4+0x7e350+0x4+0xb49c7]

Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel] in 1 second...

Type '?' for a list of commands, 'help' for more detailed help.
loader>

2) Type “boot -s” at this prompt.

loader>boot -s

3) After a while you will see a screen like the one below. Type “recovery” to continue.

System watchdog timer disabled
Enter full pathname of shell or 'recovery' for root password recovery or RETURN

NOTE: If you see “Enter root password” instead of this recovery prompt, password recovery has been disabled with the configuration “set system ports console insecure”, which means you can’t recover the password via this method.

4) In the end you will drop to the shell without being asked for any password. Type “configure” followed by “set system root-authentication plain-text-password” to assign the new password. Don’t forget to commit.

NOTE: Once in the CLI, you will need to enter configuration mode using
NOTE: the 'configure' command to make any required changes. For example,
NOTE: to reset the root password, type:
NOTE:    configure
NOTE:    set system root-authentication plain-text-password
NOTE:    (enter the new password when asked)
NOTE:    commit
NOTE:    exit
NOTE:    exit
NOTE: When you exit the CLI, you will be asked if you want to reboot
NOTE: the system

Starting CLI ...
root> configure 
Entering configuration mode

root# set system root-authentication plain-text-password 
New password:
Retype new password:
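
The note in step 3 means this recovery works for anyone with console access unless "set system ports console insecure" is configured. The following Python script is an added example, not part of the original post: it audits a saved "show configuration | display set" export for that statement and for a root password. The sample configuration and the function name audit_console_recovery are constructed for illustration.

```python
# Added example: audit a saved "show configuration | display set" export.
# SAMPLE_CONFIG is constructed for illustration, not taken from a real device.
SAMPLE_CONFIG = """\
set system host-name lab-srx
set system root-authentication encrypted-password "$1$constructed$placeholder"
set system ports console insecure
set system services ssh
"""

INSECURE = "system ports console insecure"
ROOT_PW = "system root-authentication encrypted-password"


def audit_console_recovery(config_text):
    """Report whether 'boot -s' + 'recovery' would work from the console."""
    active, inactive = [], []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if line.startswith("set "):
            active.append(line[4:])
        elif line.startswith("deactivate "):
            inactive.append(line[len("deactivate "):])

    def live(stmt):
        # A deactivated statement, or anything under a deactivated parent,
        # is kept in the file but ignored by the running configuration.
        return not any(stmt == d or stmt.startswith(d + " ") for d in inactive)

    statements = [s for s in active if live(s)]
    insecure = INSECURE in statements
    root_pw = any(s.startswith(ROOT_PW + " ") for s in statements)
    findings = []
    if not insecure:
        findings.append("console recovery enabled: console access can reset root")
    if not root_pw:
        findings.append("root has no password set")
    return {"console_insecure": insecure, "root_password_set": root_pw,
            "recovery_possible": not insecure, "findings": findings}


if __name__ == "__main__":
    report = audit_console_recovery(SAMPLE_CONFIG)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A device that reports "recovery_possible: True" relies on physical control of the console port to protect the root account.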

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE


7 thoughts on “SRX password reset/recovery”

  1. After entering the command boot -s
    I get a prompt for the root password and not Enter full pathname of shell or ‘recovery’ for root password

    Please help me

  2. Hi Ronald,
    If you are typing this “boot -s” at the loader> prompt, you shouldn’t be asked for the root password to the best of my knowledge, as I have never seen this behavior, but I have found http://kb.juniper.net/InfoCenter/index?page=content&id=KB17565 for you, according to which in some branch SRX and Junos releases you may have to run the “watchdog disable” command just before “boot -s”. I don’t know if this can solve your issue or not.

    Regards,

    1. I would like to know the password recovery method for a Juniper firewall without erasing the current configuration. I don’t have a backup.
