by HorstG 2817 days ago
I do consider HashKnownHosts harmful. Not only does it provide only the shallow appearance of security, as TFA shows. Also, as other commenters have argued, an attacker can often obtain the same info from syslog or shell history.

But most problematic, I think, is that HashKnownHosts makes properly maintaining the known_hosts file tedious and error-prone. It's harder to remove hosts with known changed keys, and almost impossible to remove unneeded obsolete entries that have accumulated. Yet those old and obsolete keys could have been obtained by an attacker from recycled hardware or just by owning an old, never-updated box. While this scenario might be unlikely, I would consider it just as unlikely that an attacker would find information only in known_hosts.
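The maintenance problem described in the comment comes from the way OpenSSH hashes the host field: each line stores `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`, so an entry can only be recognised by re-hashing a name you already know. The following script is an added example (not code from the comment or from OpenSSH) that implements that format and uses it the way an administrator would during cleanup: given the list of hosts still in use, it reports which hashed or plain lines match and which do not, so the unmatched remainder can be reviewed and pruned. The sample known_hosts content, salts and key blobs are constructed placeholders.

```python
"""Audit a known_hosts file whose entries may be hashed (HashKnownHosts yes).

OpenSSH writes the host field as |1|base64(salt)|base64(HMAC-SHA1(salt, hostname)).
Matching an entry therefore requires already knowing the hostname, which is
exactly why obsolete hashed lines are hard to identify and remove by hand.
"""
import base64
import binascii
import hashlib
import hmac

HASH_MAGIC = "|1|"


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Return the hashed host field OpenSSH would write for `hostname` with `salt`."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def host_field_matches(host_field: str, hostname: str) -> bool:
    """True if a known_hosts host field (hashed, or plain comma-separated) names `hostname`."""
    if host_field.startswith(HASH_MAGIC):
        try:
            _, _, salt_b64, digest_b64 = host_field.split("|", 3)
            salt = base64.b64decode(salt_b64)
            expected = base64.b64decode(digest_b64)
        except (ValueError, binascii.Error):
            return False  # malformed hashed entry: never a match
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain entries may list several names/addresses separated by commas.
    return hostname in host_field.split(",")


def audit_known_hosts(text: str, active_hosts: list[str]) -> dict[str, list[int]]:
    """Classify each entry (1-based line numbers) as matching an active host or not.

    Blank lines and comments are skipped. Unmatched lines are the review
    candidates: obsolete hosts, or hosts whose names nobody remembers.
    """
    result: dict[str, list[int]] = {"matched": [], "unmatched": []}
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split()
        # Skip a leading @cert-authority / @revoked marker if present.
        host_field = fields[1] if fields[0].startswith("@") else fields[0]
        if any(host_field_matches(host_field, h) for h in active_hosts):
            result["matched"].append(lineno)
        else:
            result["unmatched"].append(lineno)
    return result


# Constructed sample (not from the comment): deterministic salts so the result is
# reproducible; the key blobs are placeholders, not real host keys.
SALT_A = hashlib.sha1(b"constructed-salt-a").digest()
SALT_B = hashlib.sha1(b"constructed-salt-b").digest()
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# hashed entries as written with HashKnownHosts yes",
    hash_hostname("git.example.test", SALT_A) + " ssh-ed25519 AAAAC3PLACEHOLDERKEY1",
    hash_hostname("old-box.example.test", SALT_B) + " ssh-rsa AAAAB3PLACEHOLDERKEY2",
    "bastion.example.test,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDERKEY3",
])


def demo() -> dict[str, list[int]]:
    """Audit the sample file against the hosts still in use."""
    return audit_known_hosts(SAMPLE_KNOWN_HOSTS, ["git.example.test", "bastion.example.test"])


if __name__ == "__main__":
    print(demo())  # {'matched': [2, 4], 'unmatched': [3]}
```

The unmatched line (the hashed `old-box.example.test` entry) is the kind of stale key the comment warns about; with a plain-text file it would be obvious at a glance, whereas with hashing it can only be found by supplying the name. OpenSSH's own `ssh-keygen -F host` and `ssh-keygen -R host` perform the same lookup and removal for one name at a time.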