Switching

last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  Juniper root encrypted password

    Posted 07-18-2014 22:50

    Hi,

    We have Juniper ex4200 series which was in factory default configuration. I configured the juniper router with our specifc vlan, IPs etc. And of course before configuring anything I set the root password (and committed) as below command:

    1. set system root-authentication encrypted-password nokia123

    and

    2.

    set system login user admin uid 2000
    set system login user admin class super-user
    set system login user admin authentication encrypted-password siemens

     

    But when I login using ssh I am not able to login to the system. But when I connect using serial console I am able to connect without password. it seems my root password is encrypted and I dont know how to get my password. Any idae would be appreciated how to avoid this so that I can login to the system using root/nokia123. Of course, I know I should not execute command as above to create root password.

     

    Or is it so that I have to do the root password recovery though  am able to connect through serial console. Since I am not on the site I have to do it remotely and console connection only can be onsite. (?)

     

    [second query: Since I get % prompt when using console connection, can I execute below?:

    "# set groups global system root-authentication plain-text-password"

    to create root password without root password recovery (if needed root password recovery procedure) since I have already executed "set system root-authentication encrypted-password nokia123".].

    Thank you very much.

     



  • 2.  RE: Juniper root encrypted password

    Posted 07-19-2014 04:29

    Hello,

     

    @Belayet wrote:
    before configuring anything I set the root password (and committed) as below command:

    1. set system root-authentication encrypted-password nokia123

    and

    2.

    set system login user admin uid 2000
    set system login user admin class super-user
    set system login user admin authentication encrypted-password siemens

     

    But when I login using ssh I am not able to login to the system. But when I connect using serial console I am able to connect without password

    Wrong syntax.

    "set system login user admin authentication encrypted-password" expects a cryptic sequence starting with $1$, not actual plaintext.

    Also it seems that someone previously connected via console as root did not logout which in Your case is a godsend.

    @Belayet wrote:

    [second query: Since I get % prompt when using console connection, can I execute below?:

    "# set groups global system root-authentication plain-text-password"

    to create root password without root password recovery (if needed root password recovery procedure) since I have already executed "set system root-authentication encrypted-password nokia123".].

    Thank you very much.

     

    No You don't.

    The proper keystroke sequence is below:

     

    cli
edit
set groups global system root-authentication plain-text-password
<type plaintext password twice separated by Enter key from your keyboard, not copy-paste>
commit 
exit
exit

     HTH

    Thanks
    Alex

     



  • 3.  RE: Juniper root encrypted password

    Posted 07-19-2014 21:25

    Hi Alex,

    Since I am not onsite, I will do this on Monday (July 21, 2014) by requesting a person who can manually access to to the system using serial console connection and chane accordingly (my problem is to be onsite). However, will try this and let you know. Thank you.

    Thanks.

    Br, Belayet



  • 4.  RE: Juniper root encrypted password

    Posted 07-20-2014 14:07

    Hi,

     

    One more thing: since I have created already the below root password:

     

    system {

    host-name j0400cnabsh1;

    root-authentication {

    encrypted-password nokia123; ## SECRET-DATA

    }

    login {

    user admin {

    uid 2000;

    class super-user;

    authentication {

    encrypted-password siemens; ## SECRET-DATA

    }

    }

    }

     

    Can I delete them (root and admin) password? If yes, how to delete them?

     

    Thank you again.

     

    Br, Belayet

     

     



  • 5.  RE: Juniper root encrypted password

    Posted 07-20-2014 15:48

    You could either change the passwords on those users or delete them.

     

    To delete you would use the same command as create but "delete" instead of "set".

     

    You may find these two Learning Byte videos from Juniper helpful

     

    Plaintext-vs-Encrypted Passwords

    https://www.youtube.com/watch?v=WdFDX13Y2Q8

     

    Junos Password Recovery

    https://www.youtube.com/watch?v=k3g3Cy7vUTc



  • 6.  RE: Juniper root encrypted password

     
    Posted 07-21-2014 06:46

    I don't think you may delete root-authentication. You may override it though. The command below will set it to "nokia123".

     

    set system root-authentication encrypted-password "$1$pBo9u3wa$o8uzhzSjXZFEQLD3a/Ic10"

     

     

    However, the password "siemens" may fail because it doesn't contain numeric character.

     

    /Charlie