SSH tunneling allows you to connect to a MongoDB server that may not expose it's port directly to your desktop. This might happen for instance if your MongoDB server is within a cloud or subnet that is fire walled.
The following dialogue shows how this works. You want to connect to the Mongo Server, but its port 27017 is not reachable from your location. However, you have access to an EC2 server which does have access to the port. So you "tunnel" a connection to the EC2 server, which forwards your database commands to port 27017.
The screenshot below shows how you configure this in dbKoda. You specify the name of the remote server as usual, but you add the details of the intermediate system in the SSH tunnel section. In this case, our mongodb server is on ip-172-31-5-162.yada.yada.yada and we are tunneling in through the server "MyEC2". We authenticate to the EC2 server using a SSH keyfile.