[EX] Password recovery process using 'boot -s' option may request root password on XRE200

Article ID: KB33068 | KB Last Updated: 03 Apr 2021 | Version: 3.0
Summary:

Password recovery for XRE200 has been broken since 12.3R1. On affected JUNOS versions, the system requests the root password during the password recovery process.

This article provides a workaround to recover the system and lists the affected and fixed JUNOS versions.

Symptoms:

(snip)

Enter root password, or ^D to go multi-user
Password:        <--- here
Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

Performing filesystem consistency checks ...

(snip)

Solution:
  1. Workaround Solution

    If an affected JUNOS version is being used, the issue can be avoided with the following steps:

    For both primary/backup XRE,

    (1) Remove the softlink "/etc/ttys"
    (2) Copy "/var/etcroot/ttys" to "/etc/ttys"

    (Primary)
    root@8200VC:RE:8% cd /etc
    root@8200VC:RE:8% ls -al tty*
    lrwxrwxrwx  1 root  wheel  17 Apr 20 16:57 ttys -> /var/etcroot/ttys
    lrwxr-xr-x  1 root  wheel  32 Apr 20 16:57 ttys.sys -> /packages/mnt/jbase/etc/ttys.sys
    root@8200VC:RE:8% rm ttys
    root@8200VC:RE:8% cp /var/etcroot/ttys /etc/ttys
    root@8200VC:RE:8% ls -al ttys
    -rw-r--r--  1 root  wheel  7586 Jun 26 14:52 ttys

    (Backup)
    root@8200VC:RE:9% cd /etc
    root@8200VC:RE:9% ls -al tty*
    lrwxrwxrwx  1 root  wheel  17 Apr 20 16:57 ttys -> /var/etcroot/ttys
    lrwxr-xr-x  1 root  wheel  32 Apr 20 16:57 ttys.sys -> /packages/mnt/jbase/etc/ttys.sys
    root@8200VC:RE:9% rm ttys
    root@8200VC:RE:9% cp /var/etcroot/ttys /etc/ttys
    root@8200VC:RE:9% ls -al ttys
    -rw-r--r--  1 root  wheel  7586 Jun 26 14:52 ttys
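
The same workaround as an added example (not part of the original article and not Juniper tooling), written for /bin/sh: it stages the copy and renames it over the symlink, so /etc/ttys is never absent if the copy fails. The function names and the ROOT prefix argument are assumptions introduced here so the logic can be rehearsed on a staged directory; it also assumes cp, mv, chmod and cmp are available in the shell.

```shell
#!/bin/sh
# Added example: idempotent form of the KB workaround (not Juniper's code).
# ROOT is a hypothetical path prefix for rehearsing on a staged directory
# tree; pass an empty string to act on the live filesystem.

# ttys_state ROOT -> prints "symlink", "regular" or "missing"
ttys_state() {
    f="$1/etc/ttys"
    if [ -L "$f" ]; then echo symlink
    elif [ -f "$f" ]; then echo regular
    else echo missing
    fi
}

# fix_ttys ROOT -> replaces the symlink with a copy of /var/etcroot/ttys
fix_ttys() {
    root="$1"
    src="$root/var/etcroot/ttys"
    dst="$root/etc/ttys"
    tmp="$dst.new.$$"

    case "$(ttys_state "$root")" in
        regular) echo "already a regular file: $dst"; return 0 ;;
        missing) echo "no $dst, not touching anything" >&2; return 1 ;;
    esac

    # Refuse to continue if the copy source is absent or empty; removing
    # the link first would then leave the system without a ttys file.
    [ -s "$src" ] || { echo "source missing or empty: $src" >&2; return 1; }

    # Stage the copy, then rename it over the link so /etc/ttys always exists.
    cp "$src" "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp"
    mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 1; }

    # Succeed only if the result is a regular file identical to the source.
    [ "$(ttys_state "$root")" = regular ] && cmp -s "$src" "$dst"
}
```

Run `fix_ttys ""` as root on both the primary and the backup XRE; a second run reports that the file is already regular and changes nothing.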

  2. Recover system access (cannot recover the configuration itself)

    If an affected JUNOS version is being used and the above workaround has not been applied, there is no way to recover the password.
    Instead, you can still recover system access by selecting 'FACTORY DEFAULT' from the LCD panel.
    In this case, the configuration will be erased and cannot be recovered.

    Steps for 'FACTORY DEFAULT'

    (1) Move to "MAINTENANCE MENU" using the "Up" or "Down" button and select it by pushing the "Enter" button
    (2) Move to "FACTORY DEFAULT" using the "Up" or "Down" button and answer "yes" by pushing the "Enter" button
    (3) You will see "RESTORE DEFAULT" here; answer "yes" by pushing the "Enter" button



    Notice:
    In case of XRE200, USB reinstall only copies the JUNOS image into internal CF memory.
    Recovery install from CF memory does not erase configuration.
    So, 'FACTORY DEFAULT' from the LCD panel is the only way to get access back.

  3. Affected JUNOS version & JUNOS version with Permanent Fix

    This issue was introduced in 12.3R1 and is fixed in 12.3R12-S10, 15.1R7-S2, 15.1R8 or later.

    Notice
    Password recovery may be necessary when you downgrade JUNOS from 15.1R to 12.3R because the hashing/encryption algorithms differ between these releases.
    For more details, refer to KB31903 - [EX] Password hashing/encryption differences between Junos OS release 15.1 and earlier releases.

 

Modification History:
2021-03-25: Updated the article terminology to align with Juniper's Inclusion & Diversity initiatives.