wget --user and --password: HTTP Authentication
wget --user and --password supply HTTP Basic credentials, and --auth-no-challenge sends them without waiting for a 401.
Private package mirrors and repositories often use Basic auth. These flags pass credentials cleanly so a download does not hang or fail unauthorized.
What it does
wget --user and --password set credentials for HTTP and FTP. By default wget waits for a 401 challenge before sending them; --auth-no-challenge sends the Basic header on the first request, which some servers require. You can also embed credentials in the URL.
Common usage
wget --user="$USER" --password="$PASS" \
https://repo.example.com/private/app.bin
# send credentials pre-emptively
wget --auth-no-challenge --user="$USER" --password="$PASS" \
https://repo.example.com/private/app.binOptions
| Flag | What it does |
|---|---|
| --user=<name> | Username for HTTP/FTP auth |
| --password=<pass> | Password for HTTP/FTP auth |
| --http-user / --http-password | HTTP-specific credential overrides |
| --auth-no-challenge | Send Basic auth on the first request |
| --ask-password | Prompt for the password (avoid in CI) |
In CI
Use --user/--password from environment variables rather than baking them into the URL, since a URL with credentials can leak into logs. Add --auth-no-challenge for servers that reject the unauthenticated first request instead of issuing a 401 challenge.
Common errors in CI
ERROR 401: Unauthorized despite correct credentials usually means the server does not issue a challenge; add --auth-no-challenge. Username/Password Authentication Failed on FTP means wrong credentials. Never use --ask-password in a pipeline; with no TTY it hangs the job waiting for input.