I will type this as I complete the process:
So, I have recommited "set system ports console insecure".
Now, I will pretend I am the customer and will pull the power cable.
At the "Hit [Enter] to boot immediately, or space bar for command prompt." I press the spacebar and I get the following:
"Type '?' for a list of commands, 'help' for more detailed help.
loader> boot -s"
Then there's some more POST and then I get the following:
"Enter full pathname of shell or 'recovery' for root password recovery or RETURN for /bin/sh:"
So, I type "recovery" and the system goes through the rest of the boot up process ( does not ask for a password) and ends up with the following:
"Starting CLI ...
root>"
I can now see the complete configuration and can enter "configuration" mode.
This is NOT secure as then the customer can see the IP ranges involved with management and can even access our core systems through this process if they so wished.
There must be a simple way of disabling this?
The /boot/defaults/loader.conf file even suggests changing the 10 second default to -1 to stop this action from being allowed...... It doesn't make sense that this action cannot be stopped.
Junos OS version:
Model: srx340
Junos: 15.1X49-D140.2
JUNOS Software Release [15.1X49-D140.2]