I often use a 'hopping server' when connecting to clients, that means i need to login twice each time. To make my life easier i sometimes use an SSH tunnel so i can connect to clients directly.
SSH Tunnel can also be usefull when your office blocks netflix 😉
Local Port Forwarding
This will allow you to access remote servers direcly from your local computer. Let's assume you want to use RDP (3389) to a clients hosts (10.0.1.1) and your hopping server is 'hopping.server'
ssh -L 6000:10.0.1.1:3389 wieger@hopping.server
Now you can open Remote Desktop and connect to 'localhost:6000', directing you through the tunnel!
Remote Port Forwarding
This will make your local service/port acccessible from a remote host. Sometimes i use this to keep a 'backdoor' and login remotely (home or whatever).
Let's say you want to make a webapplication (TCP 443) availible at port 6000 on the remote SSH server
ssh -R 6000:localhost:443 wieger@bontekoe.technology
Now you should be able to connect to port 6000 on the remote host (bontekoe.technology)
Dynamic Forwarding (Proxy)
This is ideal for people who want to use the internet safely/anonymous or for offices where Netflix is blocked 😉
Use a remote server to tunnel all web traffic (eg. home server), connect through SSH to it using the -D flag
ssh -D 6000 wieger@bontekoe.technology
Now open up your browser settings, navigate to the connection properties and enter a Proxy server (manually using SOCKS). Use 127.0.0.1 as host and 6000 as port. The tunnel will remain open as long as you are connected through SSH.