Beyond the previously described security-related improvements, SSH also simplifies the use of remote X applications. If you run ssh with the option -X, the DISPLAY variable is automatically set on the remote machine and all X output is exported to the remote machine over the existing SSH connection. At the same time, X applications started remotely and locally viewed with this method cannot be intercepted by unauthorized individuals.
By adding the option -A, the ssh-agent authentication mechanism is carried over to the next machine. This way, you can work from different machines without having to enter a password, but only if you have distributed your public key to the destination hosts and properly saved it there.
Both mechanisms are deactivated in the default settings, but can be permanently activated at any time in the systemwide configuration file /etc/ssh/sshd_config or the user's ~/.ssh/config.
ssh can also be used to redirect TCP/IP connections. In the examples below, SSH is told to redirect the SMTP and the POP3 port, respectively:
ssh -L 25:mail.example.com:25 jupiter.example.com
With this command, any connection directed to jupiter.example.com
port 25 (SMTP) is redirected to the SMTP port on
mail.example.com via an encrypted channel. This is especially
useful for those using SMTP servers without SMTP-AUTH or POP-before-SMTP
features. From any arbitrary location connected to a network, e-mail can be
transferred to the home
mail server for delivery. Similarly,
all POP3 requests (port 110) on jupiter.example.com can be
forwarded to the POP3 port of mail.example.com with this
command:
ssh -L 110:mail.example.com:110 jupiter.example.com
Both commands must be executed as root, because the connection is made to privileged local ports. E-mail is sent and retrieved by normal users in an existing SSH connection. The SMTP and POP3 host must be set to localhost for this to work. Additional information can be found in the manual pages for each of the programs described above and also in the files under /usr/share/doc/packages/openssh.