The ssh protocol supports tunnelling, in which an open ssh connection can be used to encrypt and transfer all kinds of network traffic from one end of the ssh connection to the other.
If I can open an ssh connection to a machine inside a firewall, I can use it to do a wide variety of tasks from the perspective of that machine. My ssh client watches a local port, and requests to that port are sent through the ssh connection and sent to a server/port from the machine the ssh server is on. The mapping of local port to remote port is specified when you start the ssh connection.
A simple example would be to create a way to access a web server inside the firewall. Say the web server inside the firewall is called grover. I can't see it but the machine I'm connecting to inside the firewall can. Call that machine bird. If I start a ssh connection with the -L option like so:
ssh -L bird 8080:grover:80
The parts are:
ssh -L address-of-server localPort:remoteHost:remotePort
And the result is that local requests to 127.0.0.1:8080 will have the same results as a request to grover issued from bird on port 80.
Here's a document that describes doing the same thing in order to tunnel cvs through ssh to provide a secure transport.
How To Use CVS pserver with SSH
Dated: 01/23/2004