Hi,
I’m running HASSOS on a Yellow (really a RPi CM4) which has a hypervisor, supervisor, and a VM running HASS, and don’t see the hypervisor exposing anything other than SSH 22/tcp on low ports on the local LAN interface:
$ sudo nmap -sT homeassistant.local
PORT STATE SERVICE
22/tcp open ssh
MAC Address: E4:5F:DE:AD:BE:EF (Raspberry Pi Trading)
$ sudo nmap -sT -p T:80-9000 homeassistant.local
PORT STATE SERVICE
1883/tcp open mqtt
1884/tcp open idmaps
4357/tcp open qsnet-cond
5355/tcp open llmnr
5580/tcp open tmosms0
8123/tcp open polipo
MAC Address: E4:5F:DE:AD:BE:EF (Raspberry Pi Trading)
If you bring up a web shell, you can see the ‘inside out’ view doesn’t connect directly to the LAN (hint: netstat -p). I have run add-on(s) like SAMBA in the past, and Frank does package a FTP server*, but personally, I find it easier to use a web shell in HASS to scp/sftp out to other machines (e.g. to copy backups).
Do these creds work perhaps (FTP add-on default)?
username: hassio
password: changeme
I’d check your Add-ons config, and each one should have a Configuration tab to set non-default creds/ keys.
If this helps, 
this post!