Microsoft Remote Desktop client is directly available for Mac, installed it. Preferences are saved using the File -> Edit a Connection setting.
For tunnelled VNC, ssh provides multiple tunnels using the -L option, with the syntax
ssh -L 10000:localhost:8080 -L 10001:localhost:8081 firstname.lastname@example.org
where 10000 and 10001 are the local ports and 8080 and 8081 the ports on the remote machine.
Checking out VNC clients, Chicken of the VNC and Chicken are recommended by many, but did not work for me, probably because they don't support the tight option? Finally opted for using the browser based client, by going to
http://localhost:58xx for display xx. For this, ports 58xx and 59xx should both be tunnelled.