Configuring FTP

You'll want the ability to upload files to your web site without having direct access to your server. Many sites on the Internet will tell you to accomplish this with IIS's FTP server, but for security reasons it's not a good idea: when you connect to IIS's FTP server, your user name and password are sent in plain text, which is never a good idea when passing user credentials over the Internet.

Instead, we'll use a tool called OpenSSH. It contains a client tool and a server tool, which work together to provide a secure connection between two computers. On your server you'll install the server tool (and possibly the client tool if you'd like to talk to other computers from the server), and on your laptop or desktop you'll install the client tool so that you can securely communicate with the server. You'll mainly be using two command-line utilities from these tools: ssh and sftp. ssh is a telnet-like utility that offers a secure connection, and sftp is a secure ftp utility.

Download the files and install the client binaries on your personal computer, then install the server binaries on your server computer. I install the sftp server utility as a Windows service (it asks you this at some point in the installation process).

After downloading and installing, you need to configure the sftp server. Essentially, you need to make the sftp server aware of the users and groups on the server, so you need to issue some command-line directives. For the details of how to do this, read the "readme.txt" file that comes with OpenSSH and is found in "C:\Program Files\OpenSSH\docs". What you'll do is make sftp aware of the groups on the server and of any particular users you want to grant sftp access to. Note: Although the documentation claims that Windows Server 2003 is not supported yet but will be soon, I have had no problems on this particular OS. I suspect the documentation was not updated at some point, since it was written in 2004.

After running the command-line directives, you'll find a file in the following location: "C:\Program Files\OpenSSH\etc\passwd". You might want to alter this file a little, because it contains the directories your users will log into via sftp, and this is normally their standard Windows user directory. So, if you had a user by the name of "UserOne", in this file you'll see an entry immediately before the last colon character that looks like "/home/UserOne", and this sets UserOne's home directory via sftp to "C:\Documents and Settings\UserOne". The user will not be able to navigate above this directory when ftping, so if you want to set up a power user you might change this user's entry so their home directory is the C drive. Here is the setting for this (keep in mind that OpenSSH uses cygwin syntax, so this setting will not look intuitive):

/cygdrive/c

You will probably want to create a specific user on your machine for web site ftp. If you house all your sites in the same directory, you can set this user's home directory as the directory that contains all these directories, so this user will be able to navigate to any site that is needed. Then, when publishing files to your site, you'll log in as this user. The home directory in the passwd file for such a user might look like this:

/cygdrive/c/Inetpub/wwwroot

Also note that after you change the passwd file, you'll want to consider restarting the OpenSSH service, in case it caches the entries at startup. I'm not sure how it works, but when changing a configuration file it is always a good idea to restart everything that depends upon it if you can afford to do so.
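The passwd entries above are easy to get wrong by hand, so here is an added example (not part of the original article or of OpenSSH) that reads the file in the format described, lists each user's sftp home directory, flags any user whose home is the root of a whole drive (such as /cygdrive/c), and rewrites one user's home field. The file contents are a constructed sample; the sftp-only user "WebPublish" and the field layout are assumptions.

```python
from typing import Dict, List

# Constructed sample of C:\Program Files\OpenSSH\etc\passwd (cygwin format):
# name:password:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
UserOne:unused:1001:513:User One:/home/UserOne:/bin/switch
WebPublish:unused:1002:513:Web Publisher:/cygdrive/c/Inetpub/wwwroot:/bin/switch
PowerUser:unused:1003:513:Power User:/cygdrive/c:/bin/switch
"""


def parse_homes(text: str) -> Dict[str, str]:
    """Map each user to its sftp home directory (the field before the last colon)."""
    homes: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry: skip it rather than guess
        homes[fields[0]] = fields[5]
    return homes


def drive_root_users(homes: Dict[str, str]) -> List[str]:
    """Users whose home is an entire drive (/cygdrive/<letter>): they can browse all of it."""
    flagged = []
    for user, home in homes.items():
        parts = [p for p in home.split("/") if p]
        if len(parts) == 2 and parts[0] == "cygdrive" and len(parts[1]) == 1:
            flagged.append(user)
    return sorted(flagged)


def set_home(text: str, user: str, new_home: str) -> str:
    """Return the passwd text with `user`'s home replaced by `new_home`; other lines untouched."""
    out = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == user:
            fields[5] = new_home
            line = ":".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("drive-root homes:", drive_root_users(parse_homes(SAMPLE_PASSWD)))
    narrowed = set_home(SAMPLE_PASSWD, "PowerUser", "/cygdrive/c/Inetpub/wwwroot")
    print("PowerUser now:", parse_homes(narrowed)["PowerUser"])
```

Point it at the real file by reading it with the same helpers; the flagged list is the set of sftp accounts worth reviewing before you open port 22 to the Internet.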

Now you need to open up the correct port in your firewall (assuming you have one) so that sftp can do its work. This is typically port 22 (not the normal port 21 for ftp).

Once you have the server component installed and configured and you have the client component installed on a personal computer, you can test sftp out to make sure it works. Assuming a server name of "MyServer.com", and a user name of "Fred", you'd be able to log in with the following command-line directive:

sftp Fred@MyServer.com

If you don't have a public domain yet, you can use the IP address of the server:

sftp Fred@192.168.1.50

You'll then be asked for the password for this user, after which you'll be dropped into the logged-in user's (Fred's) home directory.