The documentation for this is pretty terrible and we had to figure this out by trial and error.
The storage box has a password, which is secret and random if not provided. It can be reset to an arbitrary one in the console ("Reset password" in the dropdown menu). Cannot be disabled. It's the only way to use WebDAV and SMB. Always accepted by SSH (and thus SFTP) on either port. It is the only way to recover a storage container you have locked yourself out of after losing SSH keys.
The SSH server on port 22 rejects shell, but it allows spawning the SFTP backend. Requests for any other command or subsystem seem to fail, so it seems to be made specifically for SFTP use.
The SSH server on port 23 offers a limited shell (rsh) with rsync, restic and a few other whitelisted commands. No redirections, pipes or other common shell features you'd expect. (dd is whitelisted, so yo
