Fortunately, the original VNC developers created some great pages 
describing this task in detail. You can see it here:

http://www.uk.research.att.com/vnc/sshvnc.html

The essence of that How-To is this: to open an SSH tunnel from 
your machine to a VNC server, you need two things:

1. An SSH client on the VNC Viewer side of the connection
2. An SSH server on the VNC Server side of the connection.

Note that the the SSH client machine does not have to be the same 
as the VNC Viewer machine; likewise, the SSH server machine does 
not have to be the same as the VNC Server!

Start the tunnel from the SSH client side like this:

ssh -l username -L clientport:host:hostport SSH-server-address

After this tunnel connects, any data that goes into "clientport"
on the SSH client will go into the tunnel and then emerge from 
the SSH-server destined for port "hostport" on "host".

For example, suppose your SSH client is not the same as your VNC
Viewer, but the SSH Server is the same as the VNC Server. Also,
suppose your VNC Server was listening on "Display 2". The command 
to setup a tunnel for this case is:

ssh -l username -L 5902:127.0.0.1:5902 SSH-server-address

Now if you point a VNC Viewer to Display 2 on the SSH client, you 
will connect to the VNC Server. Note: since the SSH Server and
VNC Server on the same machine, you will need to enable the
"AllowLoopback" setting on your VNC Server.

Another great OpenSSH setup tutorial specific to WinNT can be found here:

http://www.ece.utexas.edu/~luo/winvnc_ssh.html

Thanks to Peter Coulter (peter at coulter.ndo.co.uk) for the info!