diff --git a/lfs/config.go b/lfs/config.go
index 01989577..a6bc1db3 100644
--- a/lfs/config.go
+++ b/lfs/config.go
@@ -161,7 +161,11 @@ func (c *Configuration) SetAccess(authType string) {
 func (c *Configuration) EndpointAccess(e Endpoint) string {
 	key := fmt.Sprintf("lfs.%s.access", e.Url)
 	if v, ok := c.GitConfig(key); ok && len(v) > 0 {
-		return strings.ToLower(v)
+		lower := strings.ToLower(v)
+		if lower == "private" {
+			return "basic"
+		}
+		return lower
 	}
 	return "none"
 }
diff --git a/lfs/config_test.go b/lfs/config_test.go
index 00b8bf0e..da9f2641 100644
--- a/lfs/config_test.go
+++ b/lfs/config_test.go
@@ -309,6 +309,46 @@ func TestBatchAbsentIsTrue(t *testing.T) {
 	assert.Equal(t, true, v)
 }
 
+func TestAccessConfig(t *testing.T) {
+	type accessTest struct {
+		Access        string
+		PrivateAccess bool
+	}
+
+	tests := map[string]accessTest{
+		"":            {"none", false},
+		"basic":       {"basic", true},
+		"BASIC":       {"basic", true},
+		"private":     {"basic", true},
+		"PRIVATE":     {"basic", true},
+		"invalidauth": {"invalidauth", true},
+	}
+
+	for value, expected := range tests {
+		config := &Configuration{
+			gitConfig: map[string]string{
+				"lfs.url":                        "http://example.com",
+				"lfs.http://example.com.access":  value,
+				"lfs.https://example.com.access": "bad",
+			},
+		}
+
+		if access := config.Access(); access != expected.Access {
+			t.Errorf("Expected Access() with value %q to be %v, got %v", value, expected.Access, access)
+		}
+
+		if priv := config.PrivateAccess(); priv != expected.PrivateAccess {
+			t.Errorf("Expected PrivateAccess() with value %q to be %v, got %v", value, expected.PrivateAccess, priv)
+		}
+	}
+}
+
+func TestAccessAbsentConfig(t *testing.T) {
+	config := &Configuration{}
+	assert.Equal(t, "none", config.Access())
+	assert.Equal(t, false, config.PrivateAccess())
+}
+
 func TestLoadValidExtension(t *testing.T) {
 	config := &Configuration{
 		gitConfig: map[string]string{},