Recover Root Password on SRX300

Recovering the Root Password on an SRX 300

What you will need:

  • Laptop – Windows 10 or 11 with Internet access (without the SRX300 in production)
  • SRX 300
  • Console Cable (USB to USB2)
  • Juniper Communications Port Driver – press <CTRL> and click the link below to install.

https://www.silabs.com/community/interface/knowledge-base.entry.html/2016/08/19/driversforjuniper-WkA6

  • Putty Emulation Software – press <CTRL> and click the link below to install. 

Download PuTTY - a free SSH and telnet client for Windows

Instructions:

  1. Using the above link, install the Juniper Port Driver on your laptop.
  2. Using the above link, install Putty software on your laptop.
  3. Power down the SRX 300 by pressing the power button until all lights go off.
  4. Connect the USB2 (small end) of the Console Cable into the SRX port marked “CONSOLE” at the bottom with a USB sign on top. (Port on the right)
  5. Connect the USB (big end) port end to your laptop.
  6. Now that your port driver is installed, go to your laptop’s Device Manager and click on “Ports (COM & LPT) and write down the COM port being used to connect to the Juniper SRX. (If it is not there, then turn on the SRX and it will pop up.)
  7. Initiate Putty on your laptop.

![Graphical user interface, application

Description automatically generated](/api/v4/helpdesk_files/blobs/8979945/download)

  1. Click the Serial button and enter the COM port from the device manager. Keep the speed at 9600 and click Open.
  2. When the following prompt appears, press the Spacebar to access the router’s bootstrap loader command prompt. 

Hit [Enter] to boot immediately, or space bar for command prompt.

Booting [kernel] in 9 seconds...

The bootstrap loader might proceed quickly at this step without pausing for input. Therefore, you might need to press the spacebar multiple times at the beginning of the boot sequence.

  1. At the following prompt, type boot  -s to start the system in single user mode.

ok boot -s

  1. At the following prompt, type recovery to start the root password recovery procedure.

Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh: recovery

  1. Enter the configuration mode in the CLI by typing cli and then config.
  2. Set the root password.

[edit]user@host# set system root-authentication plain-text-password

        When you use the plain-text-password, the SRX will encrypt the password for you immediately.

  1. At the following prompt, enter new password. Make it xca11bur

New password: xca11bur

  1. At the second prompt, enter the new root password.

Retype new password: xca11bur

  1. If the SRX had a version change to a version that begins with 19, then the default in the new firmware may have disallowed the root user login entirely. To allow the root login, type the following:

user@host# **set system services ssh root-login allow**

  1. After you have finished configuring the password, then commit the configuration.

root@host# commitcommit complete

  1. Exit the configuration mode by typing exit.
  2. Exit operational mode by typing exit again.
  3. At the prompt, type y to reboot the SRX.

Reboot the system? [y/n] y