blocks|key|1068609|text|使用-u标志包括用户名，curl将提示输入密码：|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1068610|curl+-u+username+http://example.com|code-block|syntax|javascript|1068611|您也可以在命令中包含密码，但这样您的密码就会出现在bash历史记录中：|1068612|curl+-u+username:password+http://example.com|1068613|entityMap^0|2|2|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@$9|R|A|S|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|T|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|U|8|@]|D|@]|E|$]]|$1|M|3|N|5|H|7|V|8|@]|D|@]|E|$I|J]]|$1|O|3|-4|5|6|7|W|8|@]|D|@]|E|$]]]|P|$]]

Use the <code>-u</code> flag to include a username, and curl will prompt for a password:

<pre><code>curl -u username http://example.com
</code></pre>

You can also include the password in the command, but then your password will be visible in bash history:

<pre><code>curl -u username:password http://example.com
</code></pre>

blocks|key|1068646|text|或者是相同的东西但是不同的语法|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1068647|curl+http://username:password@api.somesite.com/test/blah?something=123|code-block|syntax|javascript|1068648|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

Or the same thing but different syntax

<pre><code>curl http://username:password@api.somesite.com/test/blah?something=123
</code></pre>

blocks|key|1068703|text|您也可以通过以下方式直接发送用户名：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1068704|curl+-u+USERNAME+http://server.example|code-block|syntax|javascript|1068705|然后，Curl将要求您提供密码，并且密码将不会显示在屏幕上(或者如果您需要复制/粘贴命令)。|1068706|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

You can also just send the user name by writing:

<pre><code>curl -u USERNAME http://server.example
</code></pre>

Curl will then ask you for the password, and the password will not be visible on the screen (or if you need to copy/paste the command).

blocks|key|1068975|text|要在脚本中安全地传递密码(例如，防止它使用ps+auxf或日志显示)，可以使用-K-+flag+(从stdin读取配置)和以下文档：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1068976|curl+--url+url+-K-+<<<+"--user+user:password"|code-block|syntax|javascript|1068977|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

To securely pass the password in a script (i.e. prevent it from showing up with ps auxf or logs) you can do it with the -K- flag (read config from stdin) and a heredoc:

<pre><code>curl --url url -K- &lt;&lt;&lt; "--user user:password"
</code></pre>

blocks|key|1069051|text|通常将CURL命令称为|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1069052|curl+https://example.com\?param\=ParamValue+-u+USERNAME:PASSWORD|code-block|syntax|javascript|1069053|如果您没有任何密码，或者想跳过命令提示符，要求输入简单的密码，请将password部分留空。|1069054|即curl+https://example.com\?param\=ParamValue+-u+USERNAME:|offset|length|style|CODE|1069055|entityMap^0|0|0|0|1|1K|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|R|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|S|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|T|8|@$K|U|L|V|M|N]]|9|@]|A|$]]|$1|O|3|-4|5|6|7|W|8|@]|9|@]|A|$]]]|P|$]]

Usually CURL command refer to as

<pre><code>curl https://example.com\?param\=ParamValue -u USERNAME:PASSWORD
</code></pre>

if you don't have any password or want to skip command prompt to demand for password simple leave the password section blank.

i.e. <code>curl https://example.com\?param\=ParamValue -u USERNAME:</code>

blocks|key|1283659|text|curl+-X+GET+-u+username:password++{{+http://www.example.com/filename.txt+}}+-O|type|code-block|depth|inlineStyleRanges|entityRanges|data|syntax|javascript|1283660|unstyled|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|G|8|@]|9|@]|A|$B|C]]|$1|D|3|-4|5|E|7|H|8|@]|9|@]|A|$]]]|F|$]]

<pre><code>curl -X GET -u username:password {{ http://www.example.com/filename.txt }} -O
</code></pre>

blocks|key|1069022|text|非常简单，执行以下操作：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1069023|curl+-X+GET/POST/PUT+<URL>+-u+username:password|code-block|syntax|javascript|1069024|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

pretty easy, do the below:

<pre><code>curl -X GET/POST/PUT &lt;URL&gt; -u username:password
</code></pre>

blocks|key|1068730|text|让密码至少不会出现在你的.bash_history中|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1068731|curl+-u+user:$(cat+.password-file)+http://example-domain.tld|code-block|syntax|javascript|1068732|entityMap^0|C|D|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@$9|N|A|O|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|P|8|@]|D|@]|E|$I|J]]|$1|K|3|-4|5|6|7|Q|8|@]|D|@]|E|$]]]|L|$]]

To let the password least not pop up in your <code>.bash_history</code>:

<pre><code>curl -u user:$(cat .password-file) http://example-domain.tld
</code></pre>

blocks|key|1283580|text|您可以使用如下命令：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1283581|curl+-u+user-name+-p+http://www.example.com/path-to-file/file-name.ext+>+new-file-name.ext|code-block|syntax|javascript|1283582|则会触发HTTP密码。|1283583|参考：http://www.asempt.com/article/how-use-curl-http-password-protected-site|offset|length|1283584|entityMap|0|LINK|mutability|MUTABLE|url|http://www.asempt.com/article/how-use-curl-http-password-protected-site^0|0|0|0|3|1Z|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|V|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|W|8|@]|9|@]|A|$]]|$1|I|3|J|5|6|7|X|8|@]|9|@$K|Y|L|Z|1|10]]|A|$]]|$1|M|3|-4|5|6|7|11|8|@]|9|@]|A|$]]]|N|$O|$5|P|Q|R|A|$S|T]]]]

You can use command like,

<pre><code>curl -u user-name -p http://www.example.com/path-to-file/file-name.ext &gt; new-file-name.ext
</code></pre>

Then HTTP password will be triggered.

Reference:
<a href="http://www.asempt.com/article/how-use-curl-http-password-protected-site" rel="noreferrer">http://www.asempt.com/article/how-use-curl-http-password-protected-site</a>

blocks|key|1068803|text|简单明了地说，最安全的方法是使用环境变量来存储/检索凭据。因此，curl命令如下所示：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1068804|curl+-Lk+-XGET+-u+"${API_USER}:${API_HASH}"+-b+cookies.txt+-c+cookies.txt+--+"http://api.somesite.com/test/blah?something=123"|code-block|syntax|javascript|1068805|然后调用restful+api并传递带有Base64编码值API_USER和API_HASH的http+WWW_Authentication头。-Lk只是告诉curl遵循http+30x重定向，并使用不安全的tls处理(即忽略ssl错误)。而double+--只是bash语法糖来停止处理命令行标志。此外，-b+cookies.txt和-c+cookies.txt标志通过-b发送cookies和-c本地存储cookies来处理cookies。|offset|length|style|CODE|1068806|手册中有更多的examples+of+authentication方法。|1068807|entityMap|0|LINK|mutability|MUTABLE|url|http://curl.haxx.se/docs/httpscripting.html#Basic_Authentication^0|0|0|T|8|12|8|1G|I|20|3|3K|2|49|E|4O|E|56|2|5I|2|0|7|Q|0|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|X|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Y|8|@$I|Z|J|10|K|L]|$I|11|J|12|K|L]|$I|13|J|14|K|L]|$I|15|J|16|K|L]|$I|17|J|18|K|L]|$I|19|J|1A|K|L]|$I|1B|J|1C|K|L]|$I|1D|J|1E|K|L]|$I|1F|J|1G|K|L]]|9|@]|A|$]]|$1|M|3|N|5|6|7|1H|8|@]|9|@$I|1I|J|1J|1|1K]]|A|$]]|$1|O|3|-4|5|6|7|1L|8|@]|9|@]|A|$]]]|P|$Q|$5|R|S|T|A|$U|V]]]]

Plain and simply put the most secure way would be to use environment variables to store/retrieve your credentials. Thus a curl command like:

<pre><code>curl -Lk -XGET -u "${API_USER}:${API_HASH}" -b cookies.txt -c cookies.txt -- "http://api.somesite.com/test/blah?something=123"
</code></pre>

Would then call your restful api and pass the http <code>WWW_Authentication</code> header with the Base64 encoded values of <code>API_USER</code> and <code>API_HASH</code>. The <code>-Lk</code> just tells curl to follow http 30x redirects and to use insecure tls handling (ie ignore ssl errors). While the double <code>--</code> is just bash syntax sugar to stop processing command line flags. Furthermore, the <code>-b cookies.txt</code> and <code>-c cookies.txt</code> flags handle cookies with <code>-b</code> sending cookies and <code>-c</code> storing cookies locally.

The manual has more <a href="http://curl.haxx.se/docs/httpscripting.html#Basic_Authentication" rel="nofollow noreferrer">examples of authentication</a> methods.

blocks|key|1069077|text|在某些API中，它可能无法工作(如rabbitmq)。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1069078|有另一种选择：|1069079|curl+http://username:password@example.com

curl+http://admin:123456@example.com|code-block|syntax|javascript|1069080|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|L|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|M|8|@]|9|@]|A|$G|H]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

In some API maybe it does not work (like rabbitmq).
there is alternative:
<pre><code>curl http://username:password@example.com

curl http://admin:123456@example.com
</code></pre>

blocks|key|1068862|text|如果你在一个有Gnome+keyring+app的系统上，避免直接暴露密码的一个解决方案是使用gkeyring.py从keyring中提取密码：|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1068863|server=server.example.com
file=path/to/my/file
user=my_user_name
pass=$(gkeyring.py+-k+login+-tnetwork+-p+user=$user,server=$server+-1)

curl+-u+$user:$pass+ftps://$server/$file+-O|code-block|syntax|javascript|1068864|entityMap|0|LINK|mutability|MUTABLE|url|https://github.com/kparal/gkeyring^0|1B|B|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@$A|R|B|S|1|T]]|C|$]]|$1|D|3|E|5|F|7|U|8|@]|9|@]|C|$G|H]]|$1|I|3|-4|5|6|7|V|8|@]|9|@]|C|$]]]|J|$K|$5|L|M|N|C|$O|P]]]]

If you are on a system that has Gnome keyring app a solution that avoids exposing the password directly is to use <a href="https://github.com/kparal/gkeyring" rel="nofollow">gkeyring.py</a> to extract the password from the keyring:

<pre><code>server=server.example.com
file=path/to/my/file
user=my_user_name
pass=$(gkeyring.py -k login -tnetwork -p user=$user,server=$server -1)

curl -u $user:$pass ftps://$server/$file -O
</code></pre>

blocks|key|1283755|text|您可以将gpg加密的netrc文件与curl一起使用，如下所示：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1283756|netrc_file="$HOME/netrc.gpg"
curl+--netrc-file+<(gpg+-d+$netrc_file)+https://...|code-block|syntax|javascript|1283757|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

You can use gpg encrypted netrc file with curl like so:
<pre><code>netrc_file=&quot;$HOME/netrc.gpg&quot;
curl --netrc-file &lt;(gpg -d $netrc_file) https://...
</code></pre>

blocks|key|1069117|text|您应该确定身份验证类型是什么。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1069118|如果是摘要认证，http头为：|1069119|GET+/xxxxxxxxxxx+HTTP/1.1
Host:+192.168.3.142
User-Agent:+Go-http-client/1.1
Authorization:+Digest+username="admin",+realm="admin@51200304-49-test",+nonce="5.1722929000077545",+uri="/xxxxxxxxxxx",+response="52d30eba90820f2c4fa4d3292a4a7bbc",+cnonce="f11900fe0906e3899e0cc431146512bb",+qop=auth,+nc=00000001
Accept-Encoding:+gzip|code-block|syntax|javascript|1069120|您可以使用--digest选项：|offset|length|style|CODE|1069121|++++curl++--digest+-u+'username:password'+'http://xxxxxxxxxxx'|1069122|entityMap^0|0|0|0|5|8|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|T|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|U|8|@]|9|@]|A|$G|H]]|$1|I|3|J|5|6|7|V|8|@$K|W|L|X|M|N]]|9|@]|A|$]]|$1|O|3|P|5|F|7|Y|8|@]|9|@]|A|$G|H]]|$1|Q|3|-4|5|6|7|Z|8|@]|9|@]|A|$]]]|R|$]]

You should make sure what is the authentication type.
If it is digest authentication , http header is:
<pre class="lang-sh prettyprint-override"><code>GET /xxxxxxxxxxx HTTP/1.1
Host: 192.168.3.142
User-Agent: Go-http-client/1.1
Authorization: Digest username=&quot;admin&quot;, realm=&quot;admin@51200304-49-test&quot;, nonce=&quot;5.1722929000077545&quot;, uri=&quot;/xxxxxxxxxxx&quot;, response=&quot;52d30eba90820f2c4fa4d3292a4a7bbc&quot;, cnonce=&quot;f11900fe0906e3899e0cc431146512bb&quot;, qop=auth, nc=00000001
Accept-Encoding: gzip
</code></pre>
you can use <code>--digest</code> option :
<pre class="lang-sh prettyprint-override"><code> curl --digest -u 'username:password' 'http://xxxxxxxxxxx'
</code></pre>

I want to access a URL which requires a username/password. I'd like to try accessing it with curl. Right now I'm doing something like:

<pre><code>curl http://api.somesite.com/test/blah?something=123
</code></pre>

I get an error. I guess I need to specify a username and password along with the above command.

How can I do that?

Using cURL with a username and password?

我想访问需要用户名/密码的URL。我想试着用curl访问它。现在我正在做一些类似这样的事情：curl http://api.somesite.com/test/blah?something=123我得到一个错误。我想我需要在上面的命令中指定用户名和密码。我该怎么做呢？

问使用带有用户名和密码的cURL？
EN

回答 14

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问使用带有用户名和密码的cURL？EN

回答 14

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问使用带有用户名和密码的cURL？
EN