i assume you have setup public-private-key-authentication and tested its workings.

run local scripts remotely

You can run local scripts remotely by executing bash on the remote system and feeding it your script

ssh user@host ‚bash -s‘ < script.s

sftp

kick out that extra-ftp client – ssh now does it all 😀

and even more secure. (without sending your password clear-text over the internet)

http://dwaves.de/2015/04/21/linux-debian-setup-sftp-limiting-access-with-sftp-jails-on-debian-and-ubuntu/

basic VPN – port forwarding

well okay – this only lets you access ports of the server not exposed to the public.

VPNs are very complicated constructions… but they work well once they are setup. (pc(software VPN client)->VPN-server(e.g. mguard)->Company-LAN, Servers and Printers)

but it seems like you can setup some kind of VPN functionality with SSH: https://help.ubuntu.com/community/SSH_VPN

„poor techie’s vpn :-D“

this way you can connect two ports from server to client – via an encrypted tunnel – similar VPN.

thus access a service that is not publicly accessable – maybe because you do not want to share it – or it is unsafe to share.

All traffic will be send through an encrypted ssh-tunnel.

this way you could theoretically access an (not so secure) NFS share of your remote (web?) server – without actually exposing that port to the internet (firewall only allows connections from localhost).

don’t expect massive speeds… but it should work.

# on SERVER install telnet - just as an example
root@Debian8:~# apt-get install telnetd; # install telnet service
root@Debian8:~# service inetd restart; # restart inted
root@Debian8:~# service inetd status; # check it's status - all green continue

# on CLIENT
ssh -f user@server -L 9000:server:23 -N; # make port 23 of server accessible as localhost:9000
# no output = worked

lsof -i -P -n|grep 9000; # check if it worked
ssh     2771 user    4u  IPv6  23565      0t0  TCP [::1]:9000 (LISTEN)
ssh     2771 user    5u  IPv4  23566      0t0  TCP 127.0.0.1:9000 (LISTEN)

telnet localhost 9000; # now from client you should be able to access server's telnet

# if you want to kill the tunnel kill the process
ps uax|grep 9000
user      2771  0.0  0.1  76056  1360 ?        Ss   16:35   0:00 ssh -f user@debian8 -L 9000:debian8:23 -N
user      2791  0.0  0.0  76056   932 ?        Ss   16:52   0:00 ssh -f user@debian8 -L 9000:debian8:23 -N

kill 2771 2791; # in this case the process ids
killall ssh; # will also do the job (non-root user)
admin