diff --git a/psftp.c b/psftp.c
index 37f39ff3..137320b8 100644
--- a/psftp.c
+++ b/psftp.c
@@ -1710,6 +1710,15 @@ int main(int argc, char *argv[])
     /* SFTP uses SSH2 by default always */
     cfg.sshprot = 2;
 
+    /*
+     * Disable scary things which shouldn't be enabled for simple
+     * things like SCP and SFTP: agent forwarding, port forwarding,
+     * X forwarding.
+     */
+    cfg.x11_forward = 0;
+    cfg.agentfwd = 0;
+    cfg.portfwd[0] = cfg.portfwd[1] = '\0';
+
     /* Set up subsystem name. */
     strcpy(cfg.remote_cmd, "sftp");
     cfg.ssh_subsys = TRUE;
diff --git a/scp.c b/scp.c
index 7a8cebde..f4c8d794 100644
--- a/scp.c
+++ b/scp.c
@@ -603,6 +603,15 @@ static void do_cmd(char *host, char *user, char *cmd)
     if (portnumber)
 	cfg.port = portnumber;
 
+    /*
+     * Disable scary things which shouldn't be enabled for simple
+     * things like SCP and SFTP: agent forwarding, port forwarding,
+     * X forwarding.
+     */
+    cfg.x11_forward = 0;
+    cfg.agentfwd = 0;
+    cfg.portfwd[0] = cfg.portfwd[1] = '\0';
+
     /*
      * Attempt to start the SFTP subsystem as a first choice,
      * falling back to the provided scp command if that fails.