Juniper Networks Router Password Recovery (Updated)

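Many articles have already covered recovering the root password on Juniper routers, but the procedure they describe applied only to older JUNOS releases and was fairly complicated. In fact, on current JUNOS, including on the new-generation J-series routers, password recovery has become very convenient. Most documents on the web still use the outdated recovery procedure, however, hence this update.
First, you still need access to the Console line. Then reboot the Juniper router and, when the FreeBSD system starts up and begins running the boot loader, press the space bar [space bar] to interrupt the default JUNOS boot sequence and drop to the ok command prompt. Some documents say to press the space bar only during the 10-second countdown at boot initialization; I tested this a few times and it does not seem very reliable, so I am more used to a rhythm similar to entering ctrl+break during Cisco router password recovery.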
Rebooting...
Console: serial port
BIOS drive C: is disk0
BIOS 639kB/261056kB available memory
FreeBSD/i386 bootstrap loader, Revision 0.8
(builder@melusine.juniper.net, Tue Feb 14 07:01:01
GMT 2006)
Loading /boot/defaults/loader.conf
/kernel text=0x3c56a1 data=0x31e14+0x5394c syms=
[0x4+0x45da0+0x4+0x54115]
Hit [Enter] to boot immediately, or space bar for command
prompt.
Type '?' for a list of commands, 'help' for more detailed
help.
ok
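At the ok prompt, type boot -s to boot JUNOS into single-user mode. The system then runs the single-user boot process and, when it completes, automatically prompts the user to either run the recovery script or enter the FreeBSD shell.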
ok boot -s
Physical memory use set to 2097136K
Copyright (c) 1996-2001, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991,
1992, 1993, 1994
The Regents of the University of California.
All rights reserved.
JUNOS 7.2R4.2 #0: 2006-02-14 07:33:49 UTC
builder@melusine.juniper.net:/build/melusine-c/7.2R4.2
/obj-i386/sys/compile/JUNIPER
Timecounter "i8254" frequency 1193182 Hz
Timecounter "TSC" frequency 2495588454 Hz
......
<!--output omitted-->
......
System watchdog timer disabled
Enter full pathname of shell or
'recovery' for root password recovery
or RETURN for /bin/sh:
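Enter the recovery command and the system runs the recovery script, which automatically performs all the steps mentioned in the earlier documents. Some error messages may appear during this process, most of them caused by the configuration database version. Don't worry, they do not affect the password recovery procedure. A more user-friendly touch: at the end of the procedure, JUNOS uses NOTE: lines to tell you what to do at each step to fix the password through the JUNOS CLI.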
Enter full pathname of shell or
'recovery' for root password recovery
or RETURN for /bin/sh: recovery
Performing filesystem consistency checks ...
/dev/ad0s1a: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1a: clean, 71274 free (34 frags, 8905 blocks, 0.0% fragmentation)
/dev/ad0s1e: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1e: clean, 12112 free (16 frags, 1512 blocks, 0.1% fragmentation)
Performing mount of main filesystems ...
Performing filesystem consistency of secondary filesystems ...
/dev/ad0s1f: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1f: clean, 1262807 free (479 frags, 157791 blocks, 0.0% fragmentation)
Performing mount of secondary filesystems ...
Performing mount of jkernel ...
Mounted jkernel package on /dev/vn1...
Performing mount of jpfe ...
Mounted jpfe package on /dev/vn2...
Performing mount of jroute ...
Mounted jroute package on /dev/vn3...
Performing mount of jcrypto ...
Mounted jcrypto package on /dev/vn4...
machdep.bootsuccess: 1 -> 1
Performing initialization of management services ...
mgd: error: database schema is out of date, rebuilding it
mgd: error: Database header sequence numbers mismatch for file '/var/run/db/juniper.data'
mgd: error: Cannot read configuration: Could not open configuration database
Performing checkout of management services ...
NOTE: Once in the CLI, you will need to enter configuration
NOTE: mode using the 'configure' command to make any
NOTE: required changes.
NOTE: For example, to reset the root password, type:
NOTE: configure
NOTE: set system root-authentication plain-text-password
NOTE: (enter the new password when asked)
NOTE: commit
NOTE: exit
NOTE: exit
NOTE: When you exit the CLI, you will be asked if you want to reboot the system
Starting CLI ...
root>
Finally, you can complete the password recovery by deleting the root user authentication or by setting a new root password.
root> configure
Entering configuration mode
[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:
[edit]
root# commit and-quit
commit complete
Exiting configuration mode
root@JUNOS7.2>
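September 20, 2008 at 12:44 AM
Good post, I'll keep following.
September 23, 2008 at 6:15 AM
Great, thanks, Archmage.
September 23, 2008 at 9:23 PM
I wish I had seen this document earlier. Before this I foolishly tried to recover using the old method and almost failed to recover :(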