There are three types of FTP connections and SFTP:
FTP (port 21)
Plain, unencrypted FTP that defaults over port 21. Most web browsers support basic FTP.
Example for FileZilla, for Host: ftp//:SERVER-IP
FTPS (port 990)
Implicit SSL/TLS encrypted FTP that works just like HTTPS. Security is enabled with SSL as soon as the connection starts. The default FTPS port is 990. This protocol was the first version of encrypted FTP available, and while considered deprecated, is still widely used. None of the major web browsers support FTPS.
Example for FileZilla, for Host: ftps//:SERVER-IP
FTPES (port 21)
Explicit FTP over SSL/TLS. This starts out as plain FTP over port 21, but through special FTP commands is upgraded to TLS/SSL encryption. This upgrade usually occurs before the user credentials are sent over the connection. FTPES is a somewhat newer form of encrypted FTP (although still over a decade old), and is considered the preferred way to establish encrypted connections because it can be more firewall friendly. None of the major web browsers support FTPES.
Example for FileZilla, for Host: ftpes//:SERVER-IP
SFTP (port 22 or custom ssh port)
SFTP (Secure File Transfer Protocol), SFTP runs over SSH, but because SFTP runs over SSH it also has an issue that you can’t lock users into the home folder and because of that, we don’t recommend it for regular users (users can browse system files/folders). We recommend that you allow SFTP only via “/usr/libexec/openssh/sftp-server” shell or if you have a cloudlinux with cage-fs then you should use /bin/bash.
The only secure solution is a cloudlinux for the secure SFTP as with any other users will be able to exit their home folder and see other users or list system folders/files.
You can change the shell for a user in cwp.admin (required for SFTP only)
Left Menu -> Security -> Shell Access, then select a user
* Default shell set for users in cwp is: /sbin/nologin (this disables SSH/SFTP)