ssh tunnel VS. ssh tunnel + repeater

[lns]

Hey all,

I'm trying to weigh the pros and cons to the following two setups, and would like some input if possible.

I'm building a small, embedded (low power) server which will be housed at my client. I am going to be using SSH to securely tunnel myself from a remote location(s) to the server, and then log into the VNC server from there. I see two ways of doing this, both with their advantages and disadvantages:

First way is to simply use SSH alone and initiate a tunnel to the server to the remote workstation (something like 'ssh -L 5900:WorkstationIP:5900'). This is good because it eliminates the need for a VNC repeater, but bad because it would technically be another 'hop' (even though it would be on the same server I'm SSHing into) and would cause more processing to take place.

The other way would be to use SSH in addition to a VNC repeater on the same server. This way, I would create an SSH tunnel to the same server's VNC repeater port, and then go from there to the workstation(s). This method would allow me to assign static ID numbers to workstations which are on DHCP and hard to track otherwise (a huge benefit of using a VNC repeater in a DHCP environment!).

Which would be better in your opinion? Would the extra hop impose that much more of a bottleneck? What if 20 people were on it at the same time? Would it scale?

(P.S. I do know about the "TCP over TCP" argument in relation to tunneling VNC over SSH, but I'm willing to take that performance hit)