I just fired up my ftp server and things seem to be running pretty smooth, but i am starting to think about security... I know that regular ftp is not encrypted, so i am starting to check out sftp...

Anybody got any suggestions?

SFTP is good. It works basically the same as regular FTP. Basically, you need to install the OpenSSH server, and allow connections on port 22. This will allow users on your system to have remote login access, as well as SFTP. I have more Here.

If you need Anonymous Access, or FTP users without Shell access, then SFTP is not the way to go.

I hope this helps
--Ian

If it's just for you to upload stuff personally, I'd use scp (secure cp over ssh; comes with ssh).

One thing that I forgot to mention, is I also want to be able to drag and drop via web browser...

Browsers will typically do ftp--not sure about sftp, however.

For drag and drop, you need a smart client--I have never seen one for Linux--but haven't looked either.

My RHEL4(work) and Ubuntu (home) both had sftp by default---works great

I thought about using one of those, but I'm nut sure if all of my users will like it...

I added a drag and drop to my companies website for all of the employees so the can back up all of their important files to our server... I figured that it is so simple, that nobody could mess it up or forget how to do it...
I also thought of using the local ip address of the server for the FTP, so I really wouldnt have to worry about security issues... But if someone needed their files when they are not at work, they would not have access to them...

There are several SFTP clients for Windows. Try Putty or WinSCP. Both have a graphical interface, and are very easy to use.

For Linux, open up the "Midnight Commander" profile and then navigate to your SFTP server in one pane using FISH, and then you can drag and drop.

I doubt that any web browser would support drag and drop for SFTP.

--Ian