Chaining ssh's: Note that for use of a ssh gateway and -L redirection to an internal host (e.g. "-L 5900:otherhost:5900") the VNC traffic inside the firewall is not encrypted and you have to manually log into otherhost to start x11vnc. Kyle Amon shows a method where you chain two ssh's together that encrypts all network traffic and also automatically starts up x11vnc on the internal workstation:
#!/bin/sh
#
gateway="example.com"	# or "user@example.com"
host="labyrinth"	# or "user@hostname"
user="kyle"

# Need to sleep long enough for all of the passwords and x11vnc to start up.
# The </dev/null below makes the vncviewer prompt for passwd via popup window. 
#
(sleep 10; vncviewer -encodings "copyrect tight zrle zlib hextile" \
    localhost:0 </dev/null >/dev/null) &

# Chain the vnc connection thru 2 ssh's, and connect x11vnc to user's display:
#
exec /usr/bin/ssh -t -L 5900:localhost:5900 $gateway \
     /usr/bin/ssh -t -L 5900:localhost:5900 $host \
     sudo /usr/bin/x11vnc -localhost -auth /home/$user/.Xauthority \
         -rfbauth .vnc/passwd -display :0
Also note the use of sudo(1) to switch to root so that the different user's .Xauthority file can be accessed. See the visudo(8) manpage for details on how to set this up (remove the sudo if you do not want to do this). One can also chain together ssh's for reverse connections with vncviewers using the -listen option. For this case -R would replace the -L (and 5500 the 5900, see the #2 example script above). If the gateway machine's sshd is configured with GatewayPorts=no (the default) then the double chaining of "ssh -R ..." will be required for reverse connections to work.

A user reports that SSVNC works properly in remote helpdesk mode using UltraVNC Single-click in Windows Vista.