glennji.com

Because life's too short to do it the RIGHT way

network

Sep 15

Why I (heart) SSH

Two words: SSH tunneling.

SSH (Secure Shell) is a secure (encrypted) point-to-point communication protocol.  At the simplest level, SSH connects a "client" to a "server" and opens up a "shell" or terminal session from client to server.  Like Telnet, but all the traffic is encrypted with "strong" cryptography (for suitably paranoid values of "strong"), and the server proves who it is with a host key, so you can tell whether you are really talking to your own box.

But it's more than that - an SSH server can also stand in for a secure FTP server, via the "scp" command or the SFTP subsystem.  Try WinSCP, for example: it gives a full two-pane FTP-like interface, but talks SCP or SFTP over SSH in the background.

And then la bombe: SSH can "tunnel" other TCP connections between client and server, like a multiprotocol proxy that keeps track of connections - everything goes over the single encrypted channel, but is split back up at the far end.  Which means you can open a single port in your firewall but connect to a variety of network services remotely: file-sharing (SMB, NFS over TCP); media streaming; remote desktops (rdesktop, VNC, X windows); shared printers (IPP); etc.  The one catch: plain port forwarding carries TCP only.  UDP, broadcast and multicast traffic (UPnP/SSDP discovery, NetBIOS name lookups, NFS over UDP) doesn't go through a tunnel, so you connect to those services by address and port rather than by "discovery".

Okay, so a working example.

I have a home network connected to the Internet through a regular ADSL2 modem.  Inside the network, we use local IP addresses; outside, the modem translates our outgoing requests into its own public IP (NAT). The modem has a built-in firewall, but it's very simplistic and really only allows "port forwarding" (i.e. any traffic to a given port on the modem's public side is redirected to a port on an internal machine).

So I set up an SSH server on a machine inside, and tell the modem to port-forward the SSH port to it.  Now, whenever someone attempts to connect to my public IP address on port 22, the connection is handed over to a little black box inside the network.  (Which also makes that box the one thing on the network the whole Internet can knock on, so it deserves key-only logins, no root login, and an eye on its auth log.)  Combine that with DynDNS (which gives my public IP address a host and domain name) and I can pop open a PuTTY session from work to home - which is immediately pretty cool, as I can get my files and music (via SCP) and bounce from host to host as I like.
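A check for the box that ends up behind that port-forward, as an added example (not code from the original post): it reads an sshd_config-style file and reports the settings that matter once the whole Internet can reach port 22. The two configs it audits are constructed samples written to a temp directory; on a real box point `audit_sshd_config` at `/etc/ssh/sshd_config`.

```bash
#!/bin/sh
# Added example, not from the original post: audit the sshd settings that matter
# once the modem forwards port 22 to this box. sshd uses the FIRST uncommented
# value of a keyword, so that is what sshd_value reports; when a keyword is
# absent the audit falls back to OpenSSH's own defaults. Match/Include blocks
# are not handled, so run it against the main config of a flat setup.

sshd_value() {   # $1 = config file, $2 = keyword; prints the effective value, lowercased
    awk -v key="$2" 'tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Prints one line per weak setting and returns 1 if any were found, else 0.
audit_sshd_config() {
    cfg=$1; bad=0
    pw=$(sshd_value "$cfg" PasswordAuthentication);   [ -n "$pw" ]     || pw=yes               # OpenSSH default
    root=$(sshd_value "$cfg" PermitRootLogin);        [ -n "$root" ]   || root=prohibit-password # default since OpenSSH 7.0; older releases defaulted to yes
    pubkey=$(sshd_value "$cfg" PubkeyAuthentication); [ -n "$pubkey" ] || pubkey=yes
    empty=$(sshd_value "$cfg" PermitEmptyPasswords);  [ -n "$empty" ]  || empty=no
    [ "$pw" = no ]      || { echo "PasswordAuthentication=$pw: turn it off and use keys (ssh-copy-id)"; bad=1; }
    [ "$root" != yes ]  || { echo "PermitRootLogin=yes: set it to no, log in as a user and sudo"; bad=1; }
    [ "$pubkey" = yes ] || { echo "PubkeyAuthentication=$pubkey: keys are the only way in once passwords are off"; bad=1; }
    [ "$empty" = no ]   || { echo "PermitEmptyPasswords=$empty: never on an Internet-facing host"; bad=1; }
    return "$bad"
}

# Constructed sample configs (not from any real box).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat >"$tmp/weak.conf" <<'EOF'
# constructed sample: a stock-looking config with the dangerous bits left at default
Port 22
#PasswordAuthentication no
PermitRootLogin yes
EOF
cat >"$tmp/hard.conf" <<'EOF'
# constructed sample: what the box behind the port-forward should look like
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
EOF

for f in "$tmp/weak.conf" "$tmp/hard.conf"; do
    if audit_sshd_config "$f"; then echo "$f: ok"; else echo "$f: fix before exposing"; fi
done
```

The weak sample trips two findings (the commented-out `PasswordAuthentication` line leaves the default of `yes` in force, and root login is explicitly on); the hardened one passes. Keys are assumed to already be in `~/.ssh/authorized_keys` before passwords are switched off, or the next login locks you out of your own house.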

But better than that, by running a local X server called Xming and switching on X11 forwarding in PuTTY, I can fire up GUI programs on my home computers and have them appear on my screen at work!  All built in to Unix, baby.

Better again, by setting up tunnels I can use my home system as a kind of traffic router.  Tunnel the IPP port (631) and I can print to my home printer.  Tunnel my home proxy and my browsing at work is hidden from the office network (and from the home ISP too, if the proxy goes out through Tor).  Tunnel media streaming, or security cameras, or IP-enabled coffee machines.

In fact, the far end of the tunnel doesn't have to be a service on the SSH box itself - the server will connect onward to any host it can reach: I can tunnel local (work) port 900 to the Google Talk servers, then use GTalk by pointing the client at localhost:900 instead of gtalk.google.com!  (One wrinkle: ports below 1024 are privileged on Unix, so on a Linux or Mac client pick a local port above 1023 or run ssh as root; PuTTY on Windows doesn't care.)
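The tunnels from the last three paragraphs as one script, covering the general case the post describes: one SSH session carrying the printer, the desktop, the home proxy, X11 for Xming, and the Google Talk forward whose far end isn't at home at all. This is an added example, not code from the original post. The user name, the DynDNS name, the 192.168.1.x addresses, a Squid-style proxy on 3128 and XMPP port 5222 for Google Talk are all assumptions; the post only names "the Google Talk servers" and uses local port 900, which is swapped for 1900 here so the script works without root on a Unix client.

```bash
#!/bin/sh
# Added example, not from the original post. Builds and (with "up") runs a single
# ssh session that carries every forward in the tunnel table, then checks that
# each local port is really listening. All hosts, addresses and the user name
# below are placeholders/assumptions, not values from the post.

SSH_TARGET=${SSH_TARGET:-glenn@home.example.dyndns.org}   # user@dyndns-name (assumed)

# Tunnel table: localport:host:port, with '#' comments. host:port is opened by
# the SSH *server* at home, so it can be a LAN box, the server itself
# (localhost), or any Internet host the home network can reach.
TUNNELS='
1631:192.168.1.20:631       # IPP: print to the home printer via localhost:1631
15900:192.168.1.10:5900     # VNC: home desktop via localhost:15900
3128:localhost:3128         # home web proxy: point the work browser at localhost:3128
1900:gtalk.google.com:5222  # far end is not at home at all (XMPP port 5222 assumed)
'

# Strip comments/blank lines and validate each entry; print clean specs one per
# line. Returns 1 on a malformed entry or on a privileged local port when not
# root, since ssh could not bind it and ExitOnForwardFailure would then kill
# the whole session.
tunnel_specs() {
    printf '%s\n' "$1" | awk -v uid="$(id -u)" '
        BEGIN { bad = 0 }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        {
            n = split($0, f, ":")
            if (n != 3 || f[2] == "" || f[1] !~ /^[0-9]+$/ || f[3] !~ /^[0-9]+$/ ||
                f[1]+0 < 1 || f[1]+0 > 65535 || f[3]+0 < 1 || f[3]+0 > 65535) {
                print "bad tunnel spec: " $0 > "/dev/stderr"; bad = 1; next
            }
            if (f[1]+0 < 1024 && uid != 0) {
                print "local port " f[1] " is privileged: run as root or use a port above 1023" > "/dev/stderr"
                bad = 1; next
            }
            print $0
        }
        END { exit bad }'
}

# Print the full ssh command line. -N: forwards only, no remote shell. -f: go to
# the background once every forward is up. ExitOnForwardFailure: fail loudly
# rather than silently running with a tunnel missing. ServerAlive*: keep the
# NAT entry on the modem alive and notice a dead link. -X: X11 forwarding for
# Xming (-Y if an app trips over untrusted-client restrictions).
# For ad-hoc browsing, "-D 1080" gives a SOCKS proxy with no home proxy needed.
tunnel_cmd() {
    specs=$(tunnel_specs "$1") || return 1
    set -- ssh -N -f -X -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3
    for spec in $specs; do
        set -- "$@" -L "$spec"
    done
    set -- "$@" "$SSH_TARGET"
    printf '%s\n' "$*"
}

# Is a forward actually listening on the local side? nc if present, else ss.
port_listening() {
    if command -v nc >/dev/null 2>&1; then
        nc -z 127.0.0.1 "$1" >/dev/null 2>&1
    else
        ss -ltn 2>/dev/null | grep -q ":$1 "
    fi
}

if [ "${1:-}" = up ]; then
    cmd=$(tunnel_cmd "$TUNNELS") || exit 1
    echo "+ $cmd"
    $cmd   # word-split on purpose: none of the pieces contain whitespace
    for spec in $(tunnel_specs "$TUNNELS"); do
        lport=${spec%%:*}
        if port_listening "$lport"; then echo "ok   localhost:$lport -> ${spec#*:}"
        else echo "NOT listening: localhost:$lport"; fi
    done
else
    tunnel_cmd "$TUNNELS"   # dry run: just show what would be executed
fi
```

Run it with no arguments to see the command line, or with `up` to start the session and check each forward. The same `-L` specs go into PuTTY under Connection > SSH > Tunnels (source port, destination host:port), which is what the post's PuTTY-from-work setup amounts to.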

A bit rambly, but I'll write this up properly one day (promise).