I have a few headless servers that I maintain with Apple Remote Desktop (ARD) over the Internet. This is not a tutorial on ARD or ssh, but a way to put simple tools together to make things more secure. I don't fully trust the ARD protocol, so I don't want to leave the port open. It is not possible to use ARD over ssh because ARD uses UDP packets that ssh can't forward the same way IPSec tunnels allow to. But IPSec tunnels can be a pain to configure and maintain, and are certainly not within reach of everyone. The servers all sit behind AirPort base stations set to only forward port 22 (ssh) to them. The ssh daemon is running on all servers.
ssh -L 5009:10.0.1.1:5009 root@server-nnn.dyndns.org
Where:Mac OS X Hints
http://hints.macworld.com/article.php?story=20031103194820538