SSH is a versatile tool. Here I will explain some things SSH can do that you may not be aware of such as local and remote port forwarding and operating as a socks5 proxy. I'm assuming your remote server has IP address 1.2.3.4 and the user on the remote server is ruser. Replace them with your own details.
Make remote services available locally without opening ports on the remote server
Say, there's a postgres server running on port 5432 on your remote VPS and it's listening only on localhost interface. And you want to connect to it from your local machine but you don't want to open the port on the server publicly for security reasons.
You can use local port forwarding and make it available on your local machine on port 8000 so it will look as if it's running locally on your machine. Execute what follows on local machine.
ssh -C -N -L 8000:localhost:5432 ruser@1.2.3.4
-C will compress data packets. -N will prevent execution of remote commands. It's useful for forwarding ports which is exactly what we're doing here. And -L localaddress:remoteaddress will setup local port forwarding.
Now, on your local machine, connect to localhost:8000 to access the postgres server which is actually running on the VPS! Crazy, right?
If you want to hide the fact that you are using OpenVPN, you can make use of local port forwading. Start OpenVPN server on the remote machine then use local port forwarding to make the VPN service appear locally on your computer. Start OpenVPN client on your computer and connect it to the newly available OpenVPN server on localhost. Your OpenVPN traffic will now go through SSH tunnel and therefore onlookers will see only SSH traffic!
Tunnel web traffic using socks5 proxy
Start a socks5 proxy by executing the following command on the local computer.
ssh -C -N -D 8888 ruser@1.2.3.4
-D port will setup a socks5 proxy on the specified port.
This command will make socks5 proxy available on localhost:8888 on the local machine.
Configure Firefox to use localhost:8888 as socks5 proxy. Also allow Firefox to proxy DNS over socks5 proxy too. Now to all the websites you visit in Firefox, it will seem as if your requests are coming from IP address 1.2.3.4. Note than only the applications which have the ability to connect via socks proxy can be used.
It's the next best thing to a VPN. You can use this when you're on untrusted networks or when you don't want ISPs to track you or to bypass content filters and geographic restrictions. If you use a streaming service and you have a VPS in the target country, you might be able to access certain shows which are blocked in your country but available in that country.
How to make local service public without opening any port locally
You can use remote port forwarding to make a service running on your computer available publicly. There are security implications in this, so beware! And keep your eyes on the logs.
First, add GatewayPorts yes to your server's /etc/ssh/sshd_config file and restart ssh service.
Make sure you have allowed traffic to come in from port 8888 on the server using ufw and then do the same from your VPS provider's dashboard.
sudo ufw limit in 8888
Start a local webserver (using an actual webserver like Nginx/Apache or using your favorite web framework) on your computer listening on localhost:5000.
Then run following command on the local machine.
ssh -C -N -R 8888:localhost:5000 ruser@1.2.3.4
-R remoteaddress:localaddress will setup remote port forwading.
Now requests coming to port 8888 on the server will be forwarded to port 5000 on your local machine. You can test it by going to 1.2.3.4:8888 in the browser or by running curl 1.2.3.4:8888 in the terminal.