SSH tunnels are useful for several things. You can easily pass any port through a firewall if it allows port 22 access, which most computers do. You can encrypt your connections, even if you don't need to create a tunnel for it. The syntax is easy:
ssh -L LOCALPORT:DESTINATION_HOST:REMOTEPORT USER@THIRD_PARTY_HOST
This allows you to connect to a DESTINATION host's REMOTEPORT, as if you were from THIRD_PARTY_HOST. The resulting tunnel can be used by connecting to localhost:LOCALPORT, which is a port on your own machine. “localhost” maps to your own computer.
For example, if I wanted to connect to a remote vnc server, which has a default port of 5900, and I wasn't able to connect directly to the computer due to a firewall, I could do this:
ssh -L 12345:work-pc.udel.edu:5900 email@example.com
Now I can just use host: localhost and port: 12345 in my vncviewer, and I'll have a secured connection to work-pc through a tunnel through strauss.
This is only required if you live off campus or have extended access granted.