Non-secure access to NetStorage

You can use (non-secure) password authentication for FTP a non-secure Rsync.

NetStorage offers access to a storage group via non-secure access methods. (This includes the FTP and non-secure Rsync protocols.) With these methods, you define a password and apply it to an upload account. When issuing requests via these protocols, you include this password (along with other values) for access to NetStorage.

Note: Non-secure "password" access methods are not recommended. We recommend that you use a secure (SSH) access method.

Non-secure password requirements

Various requirements and recommendations apply to a non-secure password:

  • Password Strength: Passwords used for non-secure access have specific strength requirements:
    Category Requirement
    Length A password must be at least six characters, but no longer that 20 characters in length
    Letter A password must contain at least one letter character (a-z, A-Z)
    Number A password must contain at least one number character (0-9)
    Repeating Characters A password cannot contain more than two consecutive matching characters ("aa" is OK, "aaa" is not supported)
    Match Requirement The values input in the Password and Confirm Password fields must match
    Known String Usage (Recommendation) We recommend that you avoid the use of easily known or recognized strings in a Password. (For example, do not use "abc123," or "<upload account name>:_123.")
  • Password Rotation (Recommended): It is recommended that you rotate a Non-secure password every three months. While this is not mandatory, you will be alerted via email once a password has reached this three month lifespan.

How do I create a non-secure password?

Adding an FTP or Rsync password is performed in the NetStorage Groups UI in Control Center, and the procedure is very similar. Passwords are set when creating or editing an upload account.

  1. In the Access Methods content panel for an upload account, click the applicable tab (FTP or Rsync).
  2. Click the + Add FTP/Rsync Password button.
  3. Populate these fields:
    • FTP/Rsync Password: Input a properly formatted password value.
    • Confirm Password: Input the exact same value set in the FTP/Rsync Password field.
    • Notes (Optional): Input any password-related information you feel is relevant in this field. Potential hints for the password can be set here.
    CAUTION: If using both FTP and Non-secure Rsync as an access method for the same upload account, values set for the FTP password and Rsync password must be different.
  4. Click the Add FTP/Rsync Password button to complete the process, and reveal an entry for the new password in the FTP/Rsync Authentication table.
  5. Save the upload account to add the changes.
  6. Make note of the Password value as well as the Username ("Id") of the upload account for later use.
    Note: An upload account can take from 60 - 120 minutes to propagate after creation or editing. The email addresses configured within the account will receive a notification once this process has completed. Any FTP or Rsync password added via this process will not be usable until this propagation has completed.