set Agent Forwarding to be disabled by default
Agent forwarding comes with security risks on servers that others have access to, and users of it should be aware of what they’re doing. At the moment, agent forwarding defaults to on, which means it’s far too easily to add a new host and forget to turn it off.
I suggest having this option disabled by default, so that those who specifically need it can turn it on.
Bonus: add a note that turning it on is not recommended for shared servers.
Good point. Thanks!
Brandon G commented
The following feature is a mitigation for the security risks of agent forwarding to shared servers: