For Junos Space and its associated applications, if you have forgotten the password to the super account (or have locked yourself out of the account), you can reset the password and/or unlock the account by modifying the super user’s entry in the
build_db DB of MySQL; via the Unix CLI in Space’s “debug” mode.
However in release 17.2R1, the default password of the jboss user (which is required in order to access the MySQL CLI in the first place) has changed.
As far as I can tell, Juniper has not documented this anywhere.
Update July 2018:
- Juniper have now documented this changed in a KB article (J-net login required).
- This process is will also work with Junos Space releases 18.1 and 18.2.
Previously, you would access the MySQL CLI using the user jboss and the password netscreenos:
In Space 17.2R1 (and above), the same credentials do not work:
So if you’ve locked your super user account or forgotten its password, what do you do now?
New SQL password
It seems as of 17.2, during installation, Space will automatically generate a random password for the jboss user of the MySQL database.
Lucky for us (?), Space also stores this generated password in plaintext (!! 😱) for us to reference.
The passwords are located at:
Dumping them to screen, we can copy the password for the jboss user:
You want the
mysql.jboss= string, which in the example above is:
This is your password to authenticate the MySQL jboss user!
You can now access the MySQL CLI:
<YOUR-JBOSS-PASSWORD> with the string retrieved above. You will now have access to the CLI.
Fixing the super account
Now that we have the password to access our MySQL CLI, we can finally unlock or reset the super account to regain access to our Space applications.
Unlocking the super account
If the super account is locked, you can unlock it from the MySQL CLI. Enter the following two DB queries/commands at the
mysql> shell prompt:
The super account should now be unlocked.
Changing the super account password
If you have forgotten the password to the super account, you can reset it by altering the database entry for the ‘super’ user. The password field takes an encrypted value. We will reset the password to the default value
juniper123. This will allow you to login and then change it to something more secure through the GUI.
To login to the DB and change the password in one command:
This fetches the jboss password from the
pwd file and executes the SQL statement to change the super user’s password to
ok89Nva6qHxytSHsP8AeLg== which represents
You should now be able to login to the Junos Space GUI using the username
super and password
Make sure to change the super password immediately to something more secure!