Overview

Storage Box

Storage Boxes offer storage capacity for both small and large amounts of data. Any data you save in your Storage Box is saved on several disks configured in a RAID array, increasing redundancy and fault tolerance. The disks are on a single host server. The data protection by RAID can tolerate several failed disks. In addition, checksums for the individual data blocks are used to detect and correct bit errors.

Access to Storage Boxes

You can either connect directly to the host server of your Storage Box (shell access) or manage your data via one of the supported network protocols (network access). Some network protocols allow you to setup a network-based mount point on one of your own devices, such as your local PC, for example. Once set up, the Storage Box data is additionally visible in a local directory of your own device.

You can order a new Storage Box in the Hetzner Console or at hetzner.com.

Pricing

For information about available plans and prices, see hetzner.com/storage/storage-box.

Each Storage Box comes with unlimited traffic.

Additional users

The original user is the main user. Via Hetzner Console, you can add additional users which will be sub-accounts. The main user has complete access to all directories — including all sub-account directories. Sub-accounts have access to their own sub-directory only.

main-user
├── file-main-user
├── dir-main-user/
└── sub-user-1
    ├── file-sub-user
    └── dir-sub-user/

If you want to delete a sub-account's directory, you have to delete the sub-account via Hetzner Console first.

Note that all sub accounts use the storage space of your Storage Box. To control storage usage, you can manually set a sub-account's directory to read-only. Then the sub-account users cannot upload or delete files. But they can access the sub-directory and download files.

Supported protocols

Before using any of the protocols listed below, open the overview of your Storage Box in Hetzner Console to check if the preferred protocol is enabled. If not, select the action "Change settings" and enable the respective protocol. The option "SSH Support" only enables port 23. SSH port 22 is always active.

• SSH port 22 (only SCP and SFTP, no interactive access)
• SSH port 23 (interactive access)
• SFTP
• SCP
• FTP
• FTPS
• SMB
• WebDAV

Using one of the supported protocols above, you can access the Storage Box via a domain that follows this format:

<username>.your-storagebox.de

Each Storage Box also comes with an IPv4 and IPv6 address. However, those IP addresses can change. For persistent setups, we recommend using the domain.

The protocols FTP, FTPS, SFTP, SCP, SMB/CIFS, HTTPS, and WebDAV are also available for sub-accounts. To access a sub-account, you should use the sub-account username and the domain of the sub-account (e.g uXXXXX-subX.your-storagebox.de) instead of the main account data.

Supported SSH key algorithms

If you use SCP, SFTP, rsync or BorgBackup, you can log in using SSH key authentication without entering a password.

Depending on the SSH port, you need to use a specific format for the public SSH key. The following keys are supported:

If you want to use the services over both ports, then you must store the public SSH key in both formats (RFC4716 and OpenSSH format) in the .ssh/authorized_keys file. Please note that a new line should be at the end of the file.

Each sub-account requires its own authorized_keys file in the sub-account's directory.

SSH host keys

When you connect to a server via SSH, the server first returns a fingerprint. Before the connection is fully established, the user has to confirm this fingerprint. Ideally, the user should have already obtained the server's fingerprint through a secure, independent method — i.e., not via the same SSH connection. This is required to verify whether the connection is indeed to the intended server, and to ensure that the connection has not been intercepted or tampered with by a third party (Man-in-the-Middle attack).

Our host servers for Storage Boxes only have one of the fingerprints listed below. If you connect directly to the host server (e.g. via SSH) and the fingerprint from your connection matches one of the following fingerprints, it confirms the authenticity of the connection.

SHA256:XqONwb1S0zuj5A1CDxpOSuD2hnAArV1A3wKY7Z3sdgM (ED25519)
SHA256:EMlfI8GsRIfpVkoW1H2u0zYVpFGKkIMKHFZIRkf2ioI (RSA)
SHA256:RWkLouD9tfTwdboJOzjiWo5njZI59Hcta82ttAWxDA0 (DSA)
SHA256:oDHZqKXnoMtgvPBjjC57pcuFez28roaEuFcfwyg8O5c (ECDSA)

MD5:12:cd:bd:c7:de:76:91:34:1c:24:31:24:55:40:ab:87 (ED25519)
MD5:3d:7b:6f:99:5f:68:53:21:73:15:f9:2e:6b:3a:9f:e3 (RSA)
MD5:4a:6a:54:ba:fd:4c:97:0c:6f:4f:ab:fa:f5:7a:0c:87 (DSA)
MD5:7c:48:da:35:ec:9e:39:9a:65:8d:55:c6:b9:75:5c:13 (ECDSA)

Snapshots

You can optionally save the current state of your Storage Box data by either:

• Taking a manual snapshot
• Enabling automatic snapshots

Snapshots are saved directly on your Storage Box. They capture the state of your data at the moment they are taken and track any changes made afterwards. These tracked changes will consume storage space from your Storage Box's storage capacity. For more information, see the Snapshot overview.

Resources and Attributes

The following resources and attributes are associated with this feature:

• Name
• Sub accounts
• SSH key
• Snapshots
• Dedicated server

Limits

• It is not possible to create the directories /etc and /lib on Storage Boxes
• It is not possible to disable password authorization
• You should never remove the executable right for the home directory. If you do, you will no longer be able to log in.

• Up to 10/20/30/40 manual snapshots per BX11/BX21/BX31/BX41 Storage Box respectively
• Up to 10/20/30/40 automatic snapshot slots per BX11/BX21/BX31/BX41 Storage Box respectively
• Up to 10 simultaneous connections per Storage Box account
• Up to 100 sub-accounts per Storage Box
• Up to 1-10 Gbit/s per host server

  Since the host servers are shared by multiple Storage Boxes, the available speed may vary over time depending on how many customers attempt to access the same host server simultaneously.