Skip to content
Latchkey

wget --user and --password: HTTP Authentication

wget --user and --password supply HTTP Basic credentials, and --auth-no-challenge sends them without waiting for a 401.

Private package mirrors and repositories often use Basic auth. These flags pass credentials cleanly so a download does not hang or fail unauthorized.

What it does

wget --user and --password set credentials for HTTP and FTP. By default wget waits for a 401 challenge before sending them; --auth-no-challenge sends the Basic header on the first request, which some servers require. You can also embed credentials in the URL.

Common usage

Terminal
wget --user="$USER" --password="$PASS" \
  https://repo.example.com/private/app.bin
# send credentials pre-emptively
wget --auth-no-challenge --user="$USER" --password="$PASS" \
  https://repo.example.com/private/app.bin

Options

FlagWhat it does
--user=<name>Username for HTTP/FTP auth
--password=<pass>Password for HTTP/FTP auth
--http-user / --http-passwordHTTP-specific credential overrides
--auth-no-challengeSend Basic auth on the first request
--ask-passwordPrompt for the password (avoid in CI)

In CI

Use --user/--password from environment variables rather than baking them into the URL, since a URL with credentials can leak into logs. Add --auth-no-challenge for servers that reject the unauthenticated first request instead of issuing a 401 challenge.

Common errors in CI

ERROR 401: Unauthorized despite correct credentials usually means the server does not issue a challenge; add --auth-no-challenge. Username/Password Authentication Failed on FTP means wrong credentials. Never use --ask-password in a pipeline; with no TTY it hangs the job waiting for input.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →