SSH can serve as a wrapper around arbitrary TCP traffic to create a secure way of accessing unencrypted services such as POP3, IMAP, or HTTP.
Local - “Take this port on the SSH server and make it local to my client”
ssh -L 8080:port.codes:80 firstname.lastname@example.org
Lets you enter admin credentials into your web app over an encrypted channel
Remote - “Take this port on my client and attach it to the remote server”
Dynamic - Essentially creates a SOCKS proxy on the SSH client allowing any request to proxy out through the server, giving access to the server’s entire network
OpenSSH supports building generic tunnels that can pass all traffic and protocols, not just TCP
Not supported by PuTTY
When a TCP packet is lost, TCP retransmits it
Wrapping TCP in TCP amplifies this effect
TCP-based VPNs collapse when congested
Not the greatest idea; probably the most complicated thing you can do with OpenSSH
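Added example, not part of the original notes: on the server side, the forwarding modes and tunnels described above are governed by sshd_config keywords. The script below reads the effective configuration in the format printed by `sshd -T` and reports which forwarding paths are open. The sample configuration and the function names are constructed for illustration.

```shell
#!/bin/sh
# Audit the forwarding-related settings in `sshd -T` output
# (lowercase "keyword value" lines, one per line).

# Constructed sample of `sshd -T` output, embedded so the script runs offline.
SAMPLE_CONFIG='port 22
allowtcpforwarding yes
gatewayports no
permittunnel point-to-point
permitopen any
x11forwarding no'

# audit_forwarding: read `sshd -T` text on stdin, print one finding per line.
audit_forwarding() {
    awk '
    { v[$1] = $2 }    # remember the value of every keyword
    END {
        fwd = v["allowtcpforwarding"]
        # yes/all allow both directions; local or remote allow only one.
        if (fwd != "" && fwd != "no") {
            print "allowtcpforwarding=" fwd ": TCP port forwarding is permitted"
            if (v["permitopen"] == "any")
                print "permitopen=any: forwarded connections may target any host:port"
            if (v["gatewayports"] != "" && v["gatewayports"] != "no")
                print "gatewayports=" v["gatewayports"] ": remote forwards may bind non-loopback addresses"
        }
        # Generic tunnels (ssh -w) are controlled separately from TCP forwarding.
        if (v["permittunnel"] != "" && v["permittunnel"] != "no")
            print "permittunnel=" v["permittunnel"] ": tun device forwarding is permitted"
    }'
}

# count_findings: number of findings for the config text passed as $1.
count_findings() {
    printf '%s\n' "$1" | audit_forwarding | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_CONFIG" | audit_forwarding
```

On a live host, feed it the real configuration with `sshd -T | audit_forwarding` (run as root).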
A honeypot is a server that is intentionally left open for attackers to exploit.
Once the attackers are in, they are dropped into an environment that looks like a typical server but is a decoy. Events on this machine are typically ignored and when a user logs off, their changes are deleted.