I'm creating a .bld that automatically uploads some stuff to two different servers, using VBP's built-in FTP command. I want this to be secure (mainly to avoid readable login info being transferred). One server supports SSL, and if I choose that option in the Security tab it works fine.

The other server however supports SSH (and not SSL/TLS/etc) as security protocol. If I log in there with a 3rd party FTP client like FileZilla, I have to choose the option "SFTP using SSH2" and everything works fine then. However, VBP does not seem to support this. I've tried each available Security option but it can't login.

Am I overlooking something, or is this just a no-go?

SFTP is not currently supported by the FTP action (adding support is on our list), but for now you can use an SSH tunnel to encrypt the FTP authentication.
http://www.visualbuild.com/Manual/plinktunnelaction.htm
http://www.visualbuild.com/Manual/networksample.htm
http://www.kinook.com/blog/?p=6

Ah great, thanks! Good to hear you will be adding SFTP, and the workaround looks promising. Will experiment with it right away!

Following up on your suggestion, when I originally tried it I couldn't get it to work. Now trying again, using the network.bld sample. The thing is: I got Putty set up correctly (at least I think so, I managed to connect and login once to accept the fingerprints). Plink works, window says: using username <myname>

But then the FTP step, which is set to connect to localhost at the local port which I configured in the plink step to be forwarded to myserver:22, immediately cancels with this message:

"Error connecting to FTP server: Unable to resynchronize with server"

Am I doing something wrong? Passive mode is enabled, and I filled in the correct username and password at both the FTP and Plink steps. If I open a telnet session manually (connecting to localhost localport) while the plink window is still open, I get a response:

"SSH-2.0-OpenSSH_3.8.1p1 Debian-8.sarge.6"

So there obviously is some sort of connection..?

What kind of FTP server is it? Are you able to connect to localhost (and the local tunnel port) with FileZilla? Please ZIP and send to support@kinook.com:
1) The info from Help | About | Install Info
2) The .bld file
3) A build log file with the Logging field on the Transfer tab of the FTP action Logging field set to 'All + hex dump'

Thanks.