Knowledge Search


[EX] Console port insecure feature

  [KB32518] Show Article Properties


The command “set system ports console insecure” feature is not supported on EX platforms. This option can be used to prevent a user from attempting password recovery by booting into single-user mode, if the user does not know the root password.


Although the “set system ports console insecure” is configured, a prompt is not shown when resetting the switch and attempting to change the password via the console. Therefore, this feature does not prevent entering single-user mode and resetting the root password if the switch is rebooted.


Because Junos is common for a number of the platforms at Juniper, the command is accepted when a commit is performed. It changes the mode for tty and gets into a lock state.


This feature does not prevent password recovery via booting into single user mode as it is not supported in any of the EX switches.

The device can be recovered by rolling back the config using any other super-user login to the device over console or SSH/Telnet/HTTP login. If it is not working as expected, the device can be recovered by using format installation.

Modification History:
2019-09-23: Expanded upon 'Solution' field.
Related Links: