Screen OS

Hi

First i now that this firewall is EOL 

 ("### image corrupted ###"  shown on the console)

I tried the TFTP procedure to reinstall the OS(ssg140.6.3.0r27) but after the image is loaded successfully i got:

> ********Invalid DSA signature
> 
> ********Bogus image - not authenticated

I could be a problem of signature so I would like to try with an old firmware signed prior 2014 to see if i can resurrect the beast unfortunately Juniper does not offer these old firmware on  download area. Could someone provide an old version?

Thanks

Michael

------------------------------
Michael Girard
------------------------------

To recover from this error and allow the device to boot you need to delete the signing key.

delete crypto auth-key

Then reboot the device and the new ScreenOS should load.

kb is here:

https://supportportal.juniper.net/s/article/How-to-Update-the-New-Image-Authentication-Key-and-Upgrade-Boot-Loader-ScreenOS-Firmware

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------

Thanks Steve

The problem of deleting the signing key is i that the firewall is only showing the loader with TFTP parameters.  I cannot issue any command via CLI, unless you know the way to access CLI via loader?  This is the reason why i was asking for an old signed firmware as an intermediate recovery step.

------------------------------
Michael Girard
------------------------------

Original Message:
Sent: 09-08-2023 20:14
From: spuluka
Subject: SSG140 flash corrupted

To recover from this error and allow the device to boot you need to delete the signing key.

delete crypto auth-key

Then reboot the device and the new ScreenOS should load.

kb is here:

https://supportportal.juniper.net/s/article/How-to-Update-the-New-Image-Authentication-Key-and-Upgrade-Boot-Loader-ScreenOS-Firmware

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------

As I recall the command is issued at the bootloader and not the cli so you should be able to run this after the bogus image response then reboot again to bypass the check.

Once this is up you can then follow the instructions to install the new signing key.

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------

Original Message:
Sent: 09-11-2023 05:53
From: Michael Girard
Subject: SSG140 flash corrupted

Thanks Steve

The problem of deleting the signing key is i that the firewall is only showing the loader with TFTP parameters.  I cannot issue any command via CLI, unless you know the way to access CLI via loader?  This is the reason why i was asking for an old signed firmware as an intermediate recovery step.

------------------------------
Michael Girard
------------------------------


Original Message:
Sent: 09-08-2023 20:14
From: spuluka
Subject: SSG140 flash corrupted

To recover from this error and allow the device to boot you need to delete the signing key.

delete crypto auth-key

Then reboot the device and the new ScreenOS should load.

kb is here:

https://supportportal.juniper.net/s/article/How-to-Update-the-New-Image-Authentication-Key-and-Upgrade-Boot-Loader-ScreenOS-Firmware

------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home