285

I've tried to connect to a server via wget:

wget http://<user>:<pass>@serveradress

But wget responds: invalid port

I know that the server accepts incoming traffic at port 80. How can I fix this issue?

Braiam
  • 67,791
  • 32
  • 179
  • 269
pschmidt
  • 3,819
  • 1
    I don't think you can reliably use the user:pass@name syntax there; wget has separate command line options for those instead, so is probably naively parsing the string after the : as a port number. – geekosaur Mar 05 '11 at 03:02
  • This has been already answered to be able to download protected one drive link. https://stackoverflow.com/questions/62634214/how-to-download-protected-files-from-onedrive-using-wget/65862461#65862461 – Saanidhya Sharma Apr 25 '23 at 11:09

6 Answers6

348

Wget interprets <pass>@serveraddress as port. To specify a username and password, use the --user and --password switches:

wget --user user --password pass http://example.com/

From man wget:

--user=user

--password=password

Specify the username user and password password for both FTP and HTTP file retrieval. These parameters can be overridden using the --ftp-user and --ftp-password options for FTP connections and the --http-user and --http-password options for HTTP connections.

MadMike
  • 4,244
  • 8
  • 28
  • 50
Lekensteyn
  • 174,277
  • 99
    I prefer the --ask-password option described by Nabil Kadimi's answer. It has you enter the password invisibly on another line and avoids storing it in your shell history. – Kevin Apr 08 '14 at 01:23
  • 10
    @Kevin You can avoid storing it in the shell history by starting the line with at least one space (as shown by Nabil). If the password/resource is sensitive, then you should worry more about the unencrypted HTTP/FTP/whatever connection than storing it on your disk. – Lekensteyn Apr 08 '14 at 08:58
  • 2
    I agree to the unencrypted password issue being more important in some cases than the shell history, but the answer is also useful for secure protocols. Also, sometimes you DO have to worry more about spies that have access to your computer than online spies (that are not interested by the content you're accessing or for which you don't care). The --ask-password answer below is clearly better for interactive usage, while the --password answer here is easier for automation. The comment by Ixgr about .wgetrc and chmod is also interesting in some cases. – youen Jul 17 '17 at 12:21
  • As I understand the manual, pass is not interpreted as port. "You can also encode your username and password within a URL: http://user:password@host/path" " - manual – Tim Feb 19 '19 at 09:52
  • 2
    Beyond shell history command line arguments are viewable by ps. – gerardw Sep 09 '20 at 14:32
182

You have 3 options here. They are in no specific order other than gut feeling:

1. Password is visible to anyone (using the command history)

wget --user=remote_user --password=SECRET ftp://ftp.example.com/file.ext

The password will also be visible in ps, top, htop and similar.

2. Password is visible to anyone looking behind your shoulders

 wget --user=remote_user --password=SECRET ftp://ftp.example.com/file.ext

Notice the white space before the command, it prevents saving it to your history.

The password will also be visible in ps, top, htop and similar. (Thanks user412812)

3. Password is not visible to anyone including you

wget --user=remote_user --ask-password ftp://ftp.example.com/file.ext

Then you're asked for the password

Password for user `remote_user':
Nabil Kadimi
  • 2,212
  • 13
    While it is not visible in history, it is visible to all who conduct a ps, top, htop or similar command while the process is running. –  May 22 '15 at 20:04
  • 5
    If --ask-password is not available or you don't want to type the password every time, wget -i link.txt can help, where link.txt contains ftp://remote_user:SECRET@ftp.example.com/file.ext – tehnicaorg Apr 27 '18 at 13:57
14

You can also store the username and password in the file ~/.wgetrc and change the permissions of that file so that only your user can read it:

File ~/.wgetrc:

user=john
password=SEcrEt

... and then

chmod 600 ~/.wgetrc

Note, however, that user root can still peek into that file and read the password.

From the manpage:

To prevent the passwords from being seen, use the --use-askpass or store them in .wgetrc or .netrc, and make sure to protect those files from other users with "chmod". If the passwords are really important, do not leave them lying in those files either --- edit the files and delete them after Wget has started the download.

PerlDuck
  • 13,335
3

This should work (don't miss the quotes)

wget 'http://<user>:<pass>@<serveradress>/<path>/<filename>'

Example for my access to the builds on ftp server

wget 'ftp://DOMAIN\thomas:dasbleibtgeheim@build.server12321.dd/download/bins/lastnightly_v1.2.3.bin'

Note: To avoid to get this in your shell history add a space in front of wget --> wget

Th. Thielemann
  • 141
1

You can provide authentication credential via --user=USERNAME and --password=PASSWORD; based on the man wget, the command can be overridden using the --http-user=USERNAME and --http-password=PASSWORD for http connection and the --ftp-use=USERNAME and --ftp-password=PASSWORD for ftp connection.

Melebius
  • 11,431
  • 9
  • 52
  • 78
Ishmael MIRZAEE
  • 159
  • 1
  • 3
-1

The command could have used --http-user and --http-password instead of --user and --password. In case of ftp request the options are --ftp-user and --ftp-password.

0xF2
  • 3,154
Mradul
  • 11
  • 2
    This is not entirely correct: man wget indicates that --user and --password are valid options, which can be overridden by --http-user or --ftp-password – Charles Green Jun 15 '17 at 13:04