Juniper SRX (Junos OS)密碼恢復Password Recovery

Juniper SRX (Junos OS)密碼恢復Password Recovery

一旦Juniper SRX (Junos OS)網路設備的 root 帳號密碼丟失了，並且沒有其他擁有super user許可權的帳戶可替代使用，那麼我們就需要執行密碼恢復作業來重新取得root密碼，該操作僅會變更root帳號的密碼，並不會造成系統配置的丟失，這點與ScreenOS(Netscreen設備)是不同的。

而密碼恢復程序需要中斷設備的正常運行，因其過程中需要重開機，所以為了不影響網路的正常運作，因此我們建議您利用離峰或是夜晚沒人使用網路的時段來進行。

要進行密碼恢復作業只能從console來進行，請參考下列的網路連結：

如何連線Juniper SRX/SSG Colsole Port

密碼恢復程序的步驟：

1.  從console port連接SRX網路設備，然後重啟SRX。
root@srx100> request system reboot
Reboot the system ? [yes,no] (no) yes

2.  在啟動過程中，console 螢幕出現下面的提示的時候，按空白鍵中斷正常啟動方式，然後再進入單用戶狀態，並輸入：boot -s

Loading /boot/defaults/loader.conf

/kernel data=… … syms=[… …]

Hit [Enter] to boot immediately，or space bar for command prompt.

loader>

loader> boot –s

3.  執行密碼恢復：在以下提示文字後輸入 recovery，設備將自動進行重啟

Enter full pathname of shell or 'recovery' for root password

recovery or RETURN for /bin/sh: recovery

4.  進入配置模式，刪除 root 密碼，並重新設置root 密碼：

root@srx100> configure

Entering configuration mode

root@srx100#delete system root-authentication    ##刪除 root 密碼

root@srx100#set system root-authentication plain-text-password    ##重新設置 root 密碼

New password:

Retype new password:

root@srx100# commit

commit complete

[edit]

root@srx100# exit

Exiting configuration mode

root@srx100> exit   ##一旦離開密碼恢復模式，系統就會要求重開機

Reboot the system? [y/n] y

Terminated

以下為從console操作的實際詳細步驟:

從console登入後進入到操作模式中，然後輸入下列的命令：

root@srx100> request system reboot        ##要執行密碼恢復程序必須要重開機

Reboot the system ? [yes,no] (no) yes

Shutdown NOW!

[pid 1849]

root@srx100>                                                                                

*** FINAL System shutdown message from root@SRX100 ***                      

System going down IMMEDIATELY                                                 

DWaiting (max 60 seconds) for system process `vnlru_mem' to stop...done

Waiting (max 60 seconds) for system process `vnlru' to stop...done

Waiting (max 60 seconds) for system process `bufdaemon' to stop...done

Waiting (max 60 seconds) for system process `syncer' to stop...

Syncing disks，vnodes remaining...0 0 0 done

syncing disks... All buffers synced.

Uptime: 55m27s

Rebooting...

cpu_reset: Stopping other CPUs

U-Boot 1.1.6-JNPR-2.8 (Build time: Feb 10 2015 - 01:03:41)    ##系統重開機了

Initializing memory this may take some time...

Measured DDR clock 266.62 MHz

SRX_100_LOWMEM board revision major:0，minor:0，serial #: AT1311AF0637

OCTEON CN5020-SCP pass 1.1，Core clock: 500 MHz，DDR clock: 266 MHz (532 Mhz data rate)

DRAM:  512 MB

Starting Memory POST...

Checking datalines... OK

Checking address lines... OK

Checking 512K memory for U-Boot... OK.

Running U-Boot CRC Test... OK.

Flash:  4 MB

USB:   scanning bus for devices... 4 USB Device(s) found

       scanning bus for storage devices... 2 Storage Device(s) found

Clearing DRAM....... done

BIST check passed.

Boot Media: nand-flash usb

Net:   pic init done (err = 0)octeth0

POST Passed

Press SPACE to abort autoboot in 1 seconds        ##這串訊息約在開機10秒左右出現

ELF file is 32 bit

Loading .text @ 0x8f0000a0 (246560 bytes)

Loading .rodata @ 0x8f03c3c0 (14144 bytes)

Loading .reginfo @ 0x8f03fb00 (24 bytes)

Loading .rodata.str1.4 @ 0x8f03fb18 (16516 bytes)

Loading set_Xcommand_set @ 0x8f043b9c (96 bytes)

Loading .rodata.cst4 @ 0x8f043bfc (20 bytes)

Loading .data @ 0x8f044000 (5760 bytes)

Loading .data.rel.ro @ 0x8f045680 (120 bytes)

Loading .data.rel @ 0x8f0456f8 (136 bytes)

Clearing .bss @ 0x8f045780 (11600 bytes)

## Starting application at 0x8f0000a0 ...

Consoles: U-Boot console 

Found compatible API，ver. 2.8

FreeBSD/MIPS U-Boot bootstrap loader，Revision 2.8

 (slt-builder@svl-ssd-build-vm06.Juniper.net，Tue Feb 10 00:32:30 PST 2015)

Memory: 512MB

 [0]Booting from nand-flash slice 1

Un-Protected 1 sectors

writing to flash...

Protected 1 sectors

Loading /boot/defaults/loader.conf           ##這串訊息約開機30秒左右會出現

 kernel data=0xb01a64+0x1340ac *           ##當您看到這串訊息時，記得先按幾下空白鍵來進入loader模式，此時會等待半分鐘左右

 kernel data=0xb01a64+0x1340ac * syms=[0x4+0x8b0b0+0x4+0xc9f11] *

Hit [Enter] to boot immediately，or space bar for command prompt.     ##當您看到這串訊息再按鍵已經來不及了! 請記得提前按空白鍵。

Type '?' for a list of commands，'help' for more detailed help.

loader> boot –s      ##輸入此命令則會進入密碼恢復程式

\|/-Kernel entry at 0x801000e0 ...

init regular console

Primary ICache: Sets 64 Size 128 Asso 4

Primary DCache: Sets 1 Size 128 Asso 64

Secondary DCache: Sets 128 Size 128 Asso 8

GDB: debug ports: uart

GDB: current port: uart

KDB: debugger backends: ddb gdb

KDB: current backend: ddb

kld_map_v: 0x8ff80000, kld_map_p: 0x0

Copyright (c) 1996-2017, Juniper Networks, Inc.

All rights reserved.

Copyright (c) 1992-2006 The FreeBSD Project.

Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994

    The Regents of the University of California. All rights reserved.

JUNOS 12.1X46-D72.2 #0: 2017-12-23 09:11:03 UTC

    builder@tenneth-vm01.juniper.net:/volume/build/junos/12.1/service/12.1X46-D72.2/obj-octeon/junos/bsd/kernels/JSRXNLE/kernel

JUNOS 12.1X46-D72.2 #0: 2017-12-23 09:11:03 UTC

    builder@tenneth-vm01.juniper.net:/volume/build/junos/12.1/service/12.1X46-D72.2/obj-octeon/junos/bsd/kernels/JSRXNLE/kernel

real memory  = 1073741824 (1024MB)

avail memory = 509661184 (486MB)

FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs

Security policy loaded: JUNOS MAC/pcap (mac_pcap)

Security policy loaded: JUNOS MAC/runasnonroot (mac_runasnonroot)

netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1

cpu0 on motherboard

: CAVIUM's OCTEON 5020 CPU Rev. 0.1 with no FPU implemented

        L1 Cache: I size 32kb(128 line), D size 8kb(128 line), sixty four way.

        L2 Cache: Size 128kb, 8 way

obio0 on motherboard

uart0: <Octeon-16550 channel 0> on obio0

uart0: console (9600,n,8,1)

twsi0 on obio0

dwc0: <Synopsis DWC OTG Controller Driver> on obio0

usb0: <USB Bus for DWC OTG Controller> on dwc0

usb0: USB revision 2.0

uhub0: vendor 0x0000 DWC OTG root hub, class 9/0, rev 2.00/1.00, addr 1

uhub0: 1 port with 1 removable, self powered

uhub1: vendor 0x0409 product 0x005a, class 9/0, rev 2.00/1.00, addr 2

uhub1: single transaction translator

uhub1: 2 ports with 1 removable, self powered

umass0: STMicroelectronics ST72682  High Speed Mode, rev 2.00/2.10, addr 3 cpld0 on obio0

pcib0: <Cavium on-chip PCI bridge> on obio0

Disabling Octeon big bar support

PCI Status: PCI 32-bit: 0xc041b

pcib0: Initialized controller

pci0: <PCI bus> on pcib0

pci0: <serial bus, USB> at device 2.0 (no driver attached)

pci0: <serial bus, USB> at device 2.1 (no driver attached)

pci0: <serial bus, USB> at device 2.2 (no driver attached)

gblmem0 on obio0

octpkt0: <Octeon RGMII> on obio0

cfi0: <AMD/Fujitsu - 4MB> on obio0

Timecounter "mips" frequency 500000000 Hz quality 0

###PCB Group initialized for udppcbgroup

###PCB Group initialized for tcppcbgroup

da0 at umass-sim0 bus 0 target 0 lun 0

da0: <ST ST72682 2.10> Removable Direct Access SCSI-2 device

da0: 40.000MB/s transfers

da0: 1000MB (2048000 512 byte sectors: 64H 32S/T 1000C)

Trying to mount root from ufs:/dev/da0s1a

MFSINIT: Initialising MFSROOT

Process-1 beginning MFSROOT initialization...

Creating MFSROOT...

/dev/md0: 20.0MB (40956 sectors) block size 16384, fragment size 2048

    using 4 cylinder groups of 5.00MB, 320 blks, 640 inodes.

super-block backups (for fsck -b #) at:

 32, 10272, 20512, 30752

Populating MFSROOT...

Creating symlinks...

Setting up mounts...

Continuing boot from MFSROOT...

Attaching /cf/packages/junos via /dev/mdctl...

Mounted junos package on /dev/md1...

JBooting single-user

Mounting /dev/bo0s3f /cf/var

** /dev/bo0s3f

FILE SYSTEM CLEAN; SKIPPING CHECKS

clean, 169623 free (159 frags, 21183 blocks, 0.1% fragmentation)

System watchdog timer disabled

Enter full pathname of shell or 'recovery' for root password recovery or

RETURN for /bin/sh: recovery           ##要在這裡輸入'recovery'來進入password recovery程序

[0m

Performing system setup ...

Checking integrity of BSD labels:

  s1: Passed

  s2: Passed

  s3: Passed

  s4: Passed

** /dev/bo0s3e

FILE SYSTEM CLEAN; SKIPPING CHECKS

clean, 12394 free (18 frags, 1547 blocks, 0.1% fragmentation)

** /dev/bo0s3f

FILE SYSTEM CLEAN; SKIPPING CHECKS

clean, 169623 free (159 frags, 21183 blocks, 0.1% fragmentation)

Checking integrity of licenses:

  JUNOS221719.lic: Passed

Checking integrity of configuration:

  rescue.conf.gz: Passed

Loading configuration ...

mgd: commit complete

Setting initial options: .

Starting optional daemons:  usbd.

Doing initial network setup:.

Initial interface configuration:

additional daemons: eventd.

Time and ticks drifted too much,            resetting synchronization...

Additional routing options:kern.module_path: /boot//kernel;/boot/modules -> /modules/ifpfe_drv;/modules;

kld netpfe drv: ifpfed_dialer ipsec kld.

Doing additional network setup:.

Starting final network daemons:.

setting ldconfig path: /usr/lib /opt/lib

starting standard daemons: cron.

Initial rc.mips initialization:.

Local package initialization:.

starting local daemons:set cores for group access

.

Creating JAIL MFS partition...

JAIL MFS partition created

boot.upgrade.uboot="0xBFC00000"

boot.upgrade.loader="0xBFE00000"

BIOS check: /boot/bios-autoupgrade.conf does not exist

BIOS check: /boot/bios-autoupgrade.conf does not exist

Boot media /dev/da0 has dual root support

WARNING: JUNOS versions running on dual partitions are not same

** /dev/da0s2a

FILE SYSTEM CLEAN; SKIPPING CHECKS

clean, 74100 free (28 frags, 9259 blocks, 0.0% fragmentation)

Sat Jun  9 23:18:13 CST 2018

Running recovery script ...

machdep.bootsuccess: 1 -> 1

Performing initialization of management services ...

Performing checkout of management services ...

NOTE: Once in the CLI, you will need to enter configuration mode using

NOTE: the 'configure' command to make any required changes. For example,

NOTE: to reset the root password, type:

NOTE:    configure

NOTE:    set system root-authentication plain-text-password

NOTE:    (enter the new password when asked)

NOTE:    commit

NOTE:    exit

NOTE:    exit

NOTE: When you exit the CLI, you will be asked if you want to reboot

NOTE: the system

Starting CLI ...           ##進入CLI模式

root@srx100> configure            ##進入配置模式

Entering configuration mode

[edit]

root@srx100# delete system root-authentication            ##刪除已丟失的root密碼

[edit]

root@srx100# set system root-authentication plain-text-password         ##重新設定root密碼

New password:

Retype new password:

[edit]

root@srx100# commit          ##記得要提交設定，否則開機後還要再重來一次

commit complete

[edit]

root@srx100# exit             ##完成後離開配置模式

The configuration has been changed but not committed

Exit with uncommitted changes? [yes,no] (yes) yes

Exiting configuration mode

root@srx100> exit             ##離開password recovery模式

Reboot the system? [y/n] y            ##離開後系統會自動重開機

Waiting (max 60 seconds) for system process `vnlru_mem' to stop...done

Waiting (max 60 seconds) for system process `vnlru' to stop...done

Waiting (max 60 seconds) for system process `bufdaemon' to stop...done

Waiting (max 60 seconds) for system process `syncer' to stop...

Syncing disks, vnodes remaining...0 0 0 0 done

syncing disks... All buffers synced.

Uptime: 10m50s

Rebooting...

cpu_reset: Stopping other CPUs

U-Boot 1.1.6-JNPR-2.8 (Build time: Feb 10 2015 - 01:03:41)

Initializing memory this may take some time...

Measured DDR clock 266.62 MHz

SRX_100_HIGHMEM board revision major:0, minor:0, serial #: AT3809AF0750

OCTEON CN5020-SCP pass 1.1, Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate)

DRAM:  1024 MB

Starting Memory POST...

Checking datalines... OK

..

..

../* 開機中間過程省略 */

..

..

boot.upgrade.uboot="0xBFC00000"

boot.upgrade.loader="0xBFE00000"

Boot media /dev/da0 has dual root support

** /dev/da0s2a

FILE SYSTEM CLEAN; SKIPPING CHECKS

clean, 74100 free (28 frags, 9259 blocks, 0.0% fragmentation)

Sat Jun  9 23:30:00 CST 2018

srx100 (ttyu0)

login:

大功告成!