We will be supplying SRX300 and SRX340 devices to customers on an ethernet core as an NTE device.
Currently I have everything configured to protect the NTE from any customer access, except one issue:
The customer could easily perform a password recovery by rebooting the device and pressing the spacebar. I have tested this and can confirm that the root password can be reset and then the configuration becomes visible to the customer.
To stop this I have logged onto the SRX340 as "root" and have entered the shell and navigated to "boot/defaults" and then vi "loader.conf" .... I set the line "autoboot_delay="10" " to be -1 as per recommendations, however, when I try and "save and quit" from vi.... I get told that root does not have permission.
Any ideas on how to get around this issue please?