Bug 1316829 describes an issue with X11Forwarding in sshd. We enable this by default. Upstream does not. We should consider disabling this by default to reduce our attack surface.
That would get us a huge backlash, and we definitely cannot make this change on already installed systems. And X forwarding does not really increase the attack surface in normal use cases because it happens in the user process. It matters only when the forced command feature is in effect.
Given the conversations and feedback, we will not be considering changing this default.
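Since the default stays enabled, the case named in the discussion (a forced command in effect while X11 forwarding is still allowed) can be checked per host. The following is an added example, not code from the bug report or from OpenSSH; the sample configuration is constructed, and the helper names `parse_scopes` and `forced_with_x11` are hypothetical.

```python
import re

# Constructed sample sshd_config (not taken from the bug report).
SAMPLE_CONFIG = """\
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server

Match User backup
    ForceCommand /usr/local/bin/run-backup

Match Group sftponly
    ForceCommand internal-sftp
    X11Forwarding no
"""

LINE = re.compile(r"(\w+)\s*(?:=\s*|\s+)(.*)")


def parse_scopes(text):
    """Return [(scope, {keyword: value})]; sshd keeps the first value per keyword."""
    scopes = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if not m or line.startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            scopes.append((value, {}))  # a Match block runs to the next Match or EOF
        else:
            scopes[-1][1].setdefault(key, value)
    return scopes


def forced_with_x11(text, default_x11="no"):
    """Scopes where a forced command is in effect and X11 forwarding is still allowed.

    default_x11 is what applies when the file never sets X11Forwarding
    (assumption: upstream's "no"; pass "yes" for a build that enables it).
    Each Match block is judged on its own against the global section.
    """
    scopes = parse_scopes(text)
    glob = scopes[0][1]
    flagged = []
    for name, opts in scopes:
        force = opts.get("forcecommand", glob.get("forcecommand", "none"))
        x11 = opts.get("x11forwarding", glob.get("x11forwarding", default_x11))
        if force.lower() != "none" and x11.lower() == "yes":
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    print(forced_with_x11(SAMPLE_CONFIG))
```

Forced commands set through `command=` in `authorized_keys` are not covered by this check, and a connection that matches several Match blocks is better resolved with `sshd -T -C user=...`, which prints the effective settings for that connection.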