Remote administration

Hello everyone. I want to connect to my Whonix Workstation located on a remote dedicated server. I have read the remote administration documentation page yet I still have a question.

My remote Whonix Workstation is setup using kvm on a dedicated server my settings are.
type - spice server
listen - address
address - all interfaces
port and password set.

I connect to this from my home Qubes Whonix Workstation using remote-viewer (virt-viewer) with spice. I do have to SSH into the dedicated server first and open the firewall port for KVM as soon as I have connected I close the port and continue with my work.

Is this secure? Is it possible to leak any information this way? Or should I consider moving to SSH for both my remote Gateway and Worksation

Added just now:

In case remote servers are exclusively available over .onion: Might get locked out due to Onion Services Reliability Issues.

SSH has a lower attack surface than VNC (for example Mouse Fingerprinting is not possible against simple SSH (terminal only, no X11 forwarding).

Sharing link to others what this is about:

I assume this is over Tor.

I cannot see any immediate issues except from documented issues on the wiki page that you had already seen.

Should be even without Tor though you are better off using the anonymity properties it has to offer. Spice was designed from the ground up for remote vm administration. For best results please look at redhat or upstream documentation on how to set this up.