With a cleartext known_hosts, attackers would easily know which servers you connect to. There is an article and an MIT paper about a potential ssh worm making use of a readable known_hosts. Of course usually there are other, yet more cumbersome ways to determine your daily ssh logins, such as your shell history, that an attacker could use.
Note that you can still work with your hashed known_hosts using the ssh-keygen utility program:
ssh-keygen -F myhost # shows myhost's line in the known_hosts file
ssh-keygen -l -F myhost # additionally shows myhost's fingerprint
ssh-keygen -R myhost # remove myhost's line from known_hosts
This, especially the last command, should be sufficient for 99% of cases users really need to access known_hosts. You will lose ssh host tab completion though, of course.
Also note that the command line options to ssh-keygen are case sensitive.
There's also a relevant question at unix.SE.
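How a lookup like `ssh-keygen -F` can still find a host in a hashed file, as an added example that is not part of the original answer: each hashed host field is `|1|salt|HMAC-SHA1(salt, hostname)` in base64, so a name can be checked but not read back. The function names and sample lines are constructed for illustration, and cleartext fields are compared by exact match only (no wildcard patterns).

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # prefix OpenSSH puts on hashed host fields


def hash_host(host, salt=None):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def field_matches(field, host):
    """True if a known_hosts host field (hashed or cleartext) names `host`."""
    if field.startswith(HASH_MAGIC):
        try:
            salt_b64, digest_b64 = field[len(HASH_MAGIC):].split("|")
            salt = base64.b64decode(salt_b64)
            want = base64.b64decode(digest_b64)
        except ValueError:  # malformed field: wrong part count or bad base64
            return False
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in field.split(",")  # cleartext: comma-separated names


def scan(lines, host):
    """Return (line numbers matching host, line numbers still in cleartext)."""
    matches, cleartext = [], []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):  # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3:  # need host field, key type, key
            continue
        if not parts[0].startswith(HASH_MAGIC):
            cleartext.append(n)  # this line reveals its hostnames to any reader
        if field_matches(parts[0], host):
            matches.append(n)
    return matches, cleartext


# Constructed sample lines (fixed salts and dummy keys), not a real known_hosts.
SAMPLE = [
    "# constructed sample",
    hash_host("myhost", b"\x01" * 20) + " ssh-ed25519 AAAAconstructedkey1",
    "otherhost,192.0.2.10 ssh-ed25519 AAAAconstructedkey2",
    hash_host("[myhost]:2222", b"\x02" * 20) + " ssh-ed25519 AAAAconstructedkey3",
]
```

Hosts on a non-default port are stored as `[host]:port` before hashing, which is why the last sample line does not match a plain `myhost` lookup.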