Here's my current dilemma. I want to make an RDP or SSH connection from a Server 2003 machine to a Windows 7 workstation. I want the RDP or SSH connection to be tunneled through some sort of virtual private connection (whether that be VPN or a VPS), preferably with an AES-256 cipher, but I don't want all of the traffic to be tunneled. I also would like 2 forms of authentication to be able to access the connection, such as username/pass and RSA key or something else that would work along the same lines. Also, I'll need everything to be able to pass a vulnerability test, and any open port will result in failure.
I'm in the brainstorming stages, so I figured I'd ask the community here before I really dig into it. Is this possible, and is there any way I could make this more secure? Also, should I use SSH or RDP? I know SSH is more secure; I was just wondering if there were pros and cons to both.