[j-nsp] Password Recovery

Kristian Larsson kristian at juniks.net
Sun Nov 27 19:27:02 EST 2005


On Sun, Nov 27, 2005 at 02:16:12PM -1000, Randy Bush wrote:
> > Is there some way to disable the password recovery process, as detailed
> > here?
> > 
> > http://juniper.cluepon.net/index.php/Password_recovery
> > 
> > I want to make sure that there is no way someone with physical access to the
> > box can view or change the configuration - I'd rather the config were
> > destroyed than risk someone playing with it.
> 
> what you are actually saying is that you are willing to completely
> lose the router forever, i.e. trash the hardware, in exchange for
> no one physically present being able to change the config.  seems a
> bit extreme.

You don't trash the hardware. Just replace the
Flash card and you're set.

You can turn off single-user booting for FreeBSD
which should work similarily for JunOS. Still, if
you got physical access you could just steal the
CF card and the only thing to prevent that from
happening (or making it more ineffecient) would be
to add crypto to your disk. With crypto disks you
need to type in the password each time the router
restarts.

So essentially, what you want to do is possible
but does not give any real advantages.

   Kristian Larsson


More information about the juniper-nsp mailing list