At home I have a cable connection to the Internet. At my work I have access to a Windows share on a machine called fred. The share is called (for arguments' sake) "share". fred does not accept connections from outside my work's IP address range - but with an SSH tunnel I can still mount that share from home.
Similarly, I sometimes want to mount a Samba share at home from my Windows machine at work. My home system allows only ssh through, but with a tunnel, I can mount my home shares from work.
In general, either the machine you want to connect to has to support ssh connections OR you need access to another machine that both supports ssh and is permitted access to the machine you want to connect to.
My Unix workstation at work supports ssh, and it is permitted access to fred, so I use it to support my tunnel.
Assuming the workstation is called work, I'd use this command line to reach the Windows shares I need (it's all one line, broken up here for clarity only):
ssh -N -f
-L 2139:fred:139
kauer@work
The "-N" parameter says that there is no command to be run on the remote machine (work). The "-f" parameter says that ssh should go into the background once it has a password. The "-L" parameter is a local redirection.
The local redirection says "if I connect to port 2139 on the local machine (home), send the connection over the ssh link and make a connection from the other end (work) to fred on port 139".
One the tunnel is in place, I can mount my work share like this:
smbmount \\\\localhost\\share /mnt/smb -o port=2139
Notice that I connect to localhost! The local redirection on port 2139 takes that connection, feeds it through the ssh link to work, and from there the connection is made to the share on fred.
Another example: This redirection lets me tunnel all my email (IMAP and SMTP) over ssh to the mailserver (called mail at my work:
ssh -N -f
-L 143:mail:143
-L 25:mail:25
kauer@work
To use this tunnel, I just configure my mailer to connect to localhost for IMAP and SMTP.