Update: The question has since it was originally posted been edited to highlight one difference, namely that RDP v6 over TLS is used. While the answer may still be considered "okay", I must now argue that tunneling TLS over SSH is unnecessary due to a lack of relevant and likely threat-scenarios - assuming correct configuration of TLS certificates etc.
In an ideal world security decisions should always be supported by data, factual and objective data. Determining whether or not it's "worth the effort" to tunnel RDP through SSH would be done by combining knowledge of known attacks, classification of the information accessed (from a confidentiality, integrity and availability perspective) and the "cost" of implementing countermeasures.
Fact - There are a number of issues with protocol versions < 6.0 of RDP, such as MiTM-attacks (weak authentication, as briefly described here).
While I'm not aware of any real attacks leveraging the above mentioned vulnerability one clearly can't exclude the possibility of that happening, or to have happened. There are however a number of demonstrations scattered around the web illustrating how it could be exploited.
There are a number of things you need to figure out to make a "good" decision.
- "Sensitivity" of the information accessed
- The effort (time) of implementing the countermeasure (SSH-tunneling)
- Likelihood of someone intentionally targeting you to leverage the vulnerability to realize the threat. (Unfortunately very difficult, since data sharing within the security community of past incidents are few and far in between!)
If the effort for tunneling the connection over SSH is not overly costly and time consuming it would be a reasonable countermeasure to use as it would mitigate the above threat entirely.