Cisco AnyConnect with TouchID on MacOS
Quite annoying that AnyConnect doesn't support TouchID on macOS, so you need to type in your password every time. But there's a fix:
- AnyConnect also has a command-line version; the utility is located at `/opt/cisco/anyconnect/bin/vpn`
- It is interactive, so upon invoking it you must enter your username and password
- This can be done by piping the username and password to the `vpn` utility
- To prevent having your password in plaintext, you can use the command-line password manager `pass`, which saves secrets in encrypted GPG files: https://www.passwordstore.org/
- However, this means you now need to enter the GPG passphrase on every connect
- To solve this, install and configure the pinentry-touchid utility, which replaces the built-in CLI dialog and saves the secret in the Keychain: https://jorgelbg.me/2021/08/introducing-pinentry-touchid/
- Voilà, now you can connect using TouchID
The following helper script from Superuser¹ makes it easy to control the VPN status:
```bash
#!/bin/bash
# Easily connect to Cisco AnyConnect VPN
# Placeholder: set this to your VPN username (the original script used
# ${username} without defining it).
username="your_username"

# Get first parameter
COMMAND="$1"
case "$COMMAND" in
  connect | CONNECT | c | C)
    # -s makes vpn read its interactive answers from stdin, in order:
    # group selection ("2" here; adjust to your profile), username, password.
    # '%s' keeps a password containing '%' or '\' from being interpreted
    # by printf as a format string.
    printf '%s\n' "2" "$username" "$(pass show my_password_entry)" | \
      /opt/cisco/anyconnect/bin/vpn -s connect remote_host_url
    ;;
  disconnect | DISCONNECT | d | D)
    /opt/cisco/anyconnect/bin/vpn disconnect
    ;;
  *)
    cat <<EOF
Usage: vpnctl COMMAND
  connect | CONNECT | c | C          Connect to the VPN
  disconnect | DISCONNECT | d | D    Disconnect from the VPN
EOF
    ;;
esac
```
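A preflight check worth running before the connect command, as an added example that is not part of the original post or the Superuser answer: it confirms that gpg-agent is configured to use pinentry-touchid and that the `pass` entry exists, so a misconfiguration fails with a message instead of leaving the piped `vpn` session waiting on a GPG prompt it cannot answer. The paths (`~/.gnupg/gpg-agent.conf`, `~/.password-store`) and the entry name `my_password_entry` are assumptions; all three can be overridden by arguments.

```shell
#!/bin/sh
# Added example, not from the original post: preflight checks for the
# pass + pinentry-touchid setup. Assumed defaults: ~/.gnupg/gpg-agent.conf,
# ~/.password-store and a pass entry named my_password_entry.

# Return 0 if the gpg-agent config file given as $1 routes PIN entry through
# pinentry-touchid (an uncommented "pinentry-program .../pinentry-touchid").
pinentry_is_touchid() {
  conf="$1"
  [ -r "$conf" ] || return 1
  # First grep drops comments and other keys; second matches the program name.
  grep -E '^[[:space:]]*pinentry-program[[:space:]]+' "$conf" \
    | grep -qE '/?pinentry-touchid[[:space:]]*$'
}

# Return 0 if a password-store entry exists. pass keeps each entry as
# <entry>.gpg under the store directory, so no decryption is needed here.
pass_entry_exists() {
  store="$1"
  entry="$2"
  [ -f "$store/$entry.gpg" ]
}

# preflight [gpg-agent.conf] [store dir] [entry]; returns non-zero if any
# check fails and prints what is missing to stderr.
preflight() {
  conf="${1:-$HOME/.gnupg/gpg-agent.conf}"
  store="${2:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}"
  entry="${3:-my_password_entry}"
  status=0
  if ! pinentry_is_touchid "$conf"; then
    echo "warning: $conf does not set pinentry-program to pinentry-touchid" >&2
    status=1
  fi
  if ! pass_entry_exists "$store" "$entry"; then
    echo "error: no pass entry '$entry' in $store" >&2
    status=1
  fi
  return $status
}

# Run the checks against the real defaults when invoked as: ./preflight.sh --check
case "${1:-}" in
  --check) preflight ;;
esac
```

Call `preflight || exit 1` at the top of the `connect` branch of the helper script; the check uses only file presence and the config text, so it never triggers a GPG prompt itself.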