There are 2 different systems you are discussing here:
- SSH daemon configured with the 'sftp-server' subsystem. You can use Secure Copy (scp) or Secure File Transfer Program (sftp) to transfer files/data between your client application and server, while SSH handles your link encryption. You can disable the 'sftp-server' subsystem and still transfer all your files using scp. Also know as SSH FTP.
- Remember your old FTP server? FTPS is the implementation of 'Security Extensions' for the old FTP, as defined in RFC2228
. This implements TSL/SSL encryption between client and server for confidentiality of authentication and data transfers. The vsftpd server is RFC2228 enabled as of version2 and works a treat.
You can (if you want) run both SSH FTP and FTPS servers, then access your system which ever suits your requirements at the time.
IMHO, I would configure vsftpd with TLS then chroot() your users where required. You can configure TLS to handle the whole session or only the authentication process if required, then drop back to plain text for transfer purposes, this saves encryption overheads while file transfering.
gFTP - SSH FTP and FTPS.
WinSCP - SSH FTP
SmartFTP - FTPS.
PuTTY - SSH command line client for windows PCs.