Juniper Router Password Recovery Procedure (Updated)

Juniper Networks Router Password Recovery (Updated)


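Many articles have already covered recovering the root user password on Juniper routers, but the procedure they describe applies only to older versions of JUNOS and is fairly complicated. In fact, on JUNOS, including on the new generation of J-series routers, password recovery has become very convenient. Most documents online, however, still use the outdated password recovery procedure, so here is an update.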

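First, you still need access to the Console line. Then reboot the Juniper router, and when the FreeBSD system starts and begins loading the boot loader, press the space bar [space bar] to interrupt the default JUNOS boot sequence and enter the ok command prompt. Some documents say to press the space bar only during the 10-second countdown at startup initialization; I tested this a few times and it does not seem very reliable, so I prefer a rhythm similar to entering ctrl+break during Cisco router password recovery.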

Rebooting...
Console: serial port
BIOS drive C: is disk0
BIOS 639kB/261056kB available memory

FreeBSD/i386 bootstrap loader, Revision 0.8
(builder@melusine.juniper.net, Tue Feb 14 07:01:01
GMT 2006)
Loading /boot/defaults/loader.conf
/kernel text=0x3c56a1 data=0x31e14+0x5394c syms=
[0x4+0x45da0+0x4+0x54115]

Hit [Enter] to boot immediately, or space bar for command
prompt.

Type '?' for a list of commands, 'help' for more detailed
help.
ok

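At the ok command prompt, type boot -s to boot JUNOS into single-user mode. The system then runs the single-user boot process. When it finishes, it automatically prompts the user to either run the recovery script or enter the FreeBSD shell.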

ok boot -s
Physical memory use set to 2097136K
Copyright (c) 1996-2001, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991,
1992, 1993, 1994
	The Regents of the University of California.
	All rights reserved.
JUNOS 7.2R4.2 #0: 2006-02-14 07:33:49 UTC
    builder@melusine.juniper.net:/build/melusine-c/7.2R4.2
/obj-i386/sys/compile/JUNIPER
Timecounter "i8254"  frequency 1193182 Hz
Timecounter "TSC"  frequency 2495588454 Hz
......
<!--output omitted-->
......
System watchdog timer disabled
Enter full pathname of shell or
'recovery' for root password recovery
or RETURN for /bin/sh:

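Enter the recovery command, and the system runs the recovery script, which automatically performs all the steps described in the earlier documents. Some error messages may appear during this process, most of them caused by the configuration database version. Don't worry, they do not affect the password recovery procedure. A more user-friendly touch is that at the end of the process JUNOS uses NOTE: lines to tell you how to carry out each step of fixing the password through the JUNOS CLI.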


Enter full pathname of shell or
'recovery' for root password recovery
or RETURN for /bin/sh: recovery

Performing filesystem consistency checks ...
/dev/ad0s1a: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1a: clean, 71274 free (34 frags, 8905 blocks,
0.0% fragmentation)
/dev/ad0s1e: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1e: clean, 12112 free (16 frags, 1512 blocks,
0.1% fragmentation)

Performing mount of main filesystems ...

Performing filesystem consistency of secondary filesystems
...
/dev/ad0s1f: FILESYSTEM CLEAN; SKIPPING CHECKS
/dev/ad0s1f: clean, 1262807 free (479 frags, 157791 blocks,
0.0% fragmentation)

Performing mount of secondary filesystems ...

Performing mount of jkernel ...
Mounted jkernel package on /dev/vn1...

Performing mount of jpfe ...
Mounted jpfe package on /dev/vn2...

Performing mount of jroute ...
Mounted jroute package on /dev/vn3...

Performing mount of jcrypto ...
Mounted jcrypto package on /dev/vn4...
machdep.bootsuccess: 1 -> 1

Performing initialization of management services ...
mgd: error: database schema is out of date, rebuilding it
mgd: error: Database header sequence numbers mismatch for
     file '/var/run/db/juniper.data'
mgd: error: Cannot read configuration: Could not open
     configuration database

Performing checkout of management services ...

NOTE: Once in the CLI, you will need to enter configuration
NOTE: mode using the 'configure' command to make any
NOTE: required changes.
NOTE: For example, to reset the root password, type:
NOTE:    configure
NOTE:    set system root-authentication plain-text-password
NOTE:    (enter the new password when asked)
NOTE:    commit
NOTE:    exit
NOTE:    exit
NOTE: When you exit the CLI, you will be asked if you want
      to reboot the system

Starting CLI ...
root>

Finally, you can complete the password recovery by deleting the root user authentication or by resetting the root user password.

root> configure
Entering configuration mode

[edit]
root# set system root-authentication plain-text-password
New password:
Retype new password:

[edit]
root# commit and-quit
commit complete
Exiting configuration mode

root@JUNOS7.2> 
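
For the defender's side of the procedure above, this added example (not part of the original post) scans a console-server capture for the stages of a root password recovery, using the prompt strings from the JUNOS 7.2 transcript on this page. It assumes the console server logs echoed input; the function names and the sample captures are constructed for illustration.

```python
import re

# Ordered stages of the recovery procedure. Patterns are copied from the
# JUNOS 7.2 console transcript on this page; other releases may differ.
STAGES = [
    ("single_user_boot", re.compile(r"^ok\s+boot\s+-s\b")),
    ("recovery_script", re.compile(r"or RETURN for /bin/sh:\s*recovery$")),
    ("root_cli", re.compile(r"^Starting CLI \.\.\.")),
    ("root_auth_change", re.compile(r"#\s*set system root-authentication\b")),
    ("commit", re.compile(r"^commit complete")),
]

def recovery_stages(console_log):
    """Return the longest in-order run of stages found in a console capture."""
    best, seen = [], []
    for raw in console_log.splitlines():
        line = raw.strip()
        if STAGES[0][1].search(line):
            seen = [STAGES[0][0]]  # a new single-user boot restarts the sequence
        elif seen and len(seen) < len(STAGES) and STAGES[len(seen)][1].search(line):
            seen.append(STAGES[len(seen)][0])
        if len(seen) > len(best):
            best = list(seen)
    return best

def classify(console_log):
    """'reset': whole procedure seen; 'attempt': started only; 'none': neither."""
    seen = recovery_stages(console_log)
    if len(seen) == len(STAGES):
        return "reset"
    return "attempt" if seen else "none"

# Constructed samples, abridged from the transcript above.
FULL_RESET = """Hit [Enter] to boot immediately, or space bar for command
ok boot -s
or RETURN for /bin/sh: recovery
Starting CLI ...
root> configure
root# set system root-authentication plain-text-password
root# commit and-quit
commit complete
"""
SHELL_ONLY = "ok boot -s\nor RETURN for /bin/sh:\n# exit\n"
NORMAL_BOOT = "Hit [Enter] to boot immediately, or space bar for command\nlogin:\n"

if __name__ == "__main__":
    for name, log in [("full", FULL_RESET), ("shell", SHELL_ONLY), ("normal", NORMAL_BOOT)]:
        print(name, classify(log), recovery_stages(log))
```

A capture classified as "attempt" (single-user boot without a committed change) is still worth reviewing, since the shell option gives root access without touching the configuration.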