Tunneling a connection through a firewall using ssh is pretty straight-forward (although it must be explicitly allowed by the sshd configuration). Here’s my script to do it (using autossh which helps to keep the ssh link up when there’s little activity).
#!/bin/bash
# Start a tunnel to ccom port 3389
echo "Starting a tunnel to ccom"
sudo autossh -M 20001 -L 3389:sandlance.ccom.nh:3389 -N vschmidt@ccom.unh.edu
echo "Now remote desktop to localhost."