By default, Debian and Ubuntu (at least) set /etc/ssh/ssh_known_hosts without read permission for others. What's the logic behind that? I can't think of any security risks with o+r, and, on the other hand, having it publicly readable is useful for admin-distributed files.
I would argue that the point of blocking access to that file is to prevent an intruder who has compromised your system from getting a list of hosts that your system may have access to. Similar logic applies to the HashKnownHosts option being enabled by default lately. You generally don't want your system to provide everything an intruder needs to get control of everything on your network. If you only added hashed entries into your /etc/ssh/ssh_known_hosts, I don't think it would really be as big of a deal since reversing the hash is not possible.

If this still happens then it seems to be a bug. ssh uses the user's permissions when it reads this file, so if it is not world-readable then it has no effect at all.
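To make the HashKnownHosts point concrete, here is an added example (not code from the thread or from OpenSSH) that produces and checks entries in OpenSSH's hashed known_hosts form, `|1|<base64 salt>|<base64 HMAC-SHA1(salt, hostname)>`. A reader of the file can confirm whether a given hostname is listed, but cannot recover the hostnames from the file itself, which is the property the answer relies on. The hostnames and key strings in the sample are constructed placeholders; `[host]:port` forms are hashed as the whole bracketed string, and plain-text entries with wildcards or negations are not handled here.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed placeholder key material; not real host keys.
FAKE_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY00000000000000000000000"


def hash_hostname(hostname: str, salt: Optional[bytes] = None) -> str:
    """Return the host field OpenSSH writes for a hashed entry (|1|salt|hash).

    hash = HMAC-SHA1 keyed with a random 20-byte salt over the hostname.
    A fixed salt may be passed to make the output reproducible (used by the
    constructed sample below); OpenSSH itself always draws a fresh salt.
    """
    if salt is None:
        salt = os.urandom(20)
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(
        base64.b64encode(salt).decode(), base64.b64encode(digest).decode()
    )


def host_matches(entry_host: str, hostname: str) -> bool:
    """Check whether a known_hosts host field (hashed or plain) matches hostname."""
    if entry_host.startswith("|1|"):
        _, _, salt_b64, hash_b64 = entry_host.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain entries may list several names separated by commas.
    return hostname in entry_host.split(",")


def find_host_key(known_hosts_text: str, hostname: str) -> Optional[Tuple[str, str]]:
    """Return (keytype, key) of the first entry matching hostname, or None."""
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):  # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3:
            continue
        if host_matches(parts[0], hostname):
            return parts[1], parts[2]
    return None


# Constructed sample file: one plain-text entry, one hashed entry. The fixed
# salt exists only so the sample is reproducible.
SAMPLE_SALT = bytes(range(20))
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample; keys are placeholders",
    "fileserver.example.com ssh-ed25519 " + FAKE_KEY,
    hash_hostname("backup.example.com", SAMPLE_SALT) + " ssh-ed25519 " + FAKE_KEY,
])

if __name__ == "__main__":
    print(SAMPLE_KNOWN_HOSTS)
    for name in ("fileserver.example.com", "backup.example.com", "other.example.com"):
        print(name, "->", find_host_key(SAMPLE_KNOWN_HOSTS, name))
```

Running it prints the sample file and shows that "backup.example.com" is found through the hashed line even though the name appears nowhere in the file; the plain-text line, by contrast, hands the hostname to anyone who can read the file, which is the difference the answer draws.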
I just tested it. If I set the permission of /etc/ssh/ssh_known_hosts to 600 then ssh displays that "The authenticity of host ... can't be established."
If I set it to 644, then I can log in to the remote server without the prompt.
The sshd man page clearly states that "This file should be writable only by root/the owner and should be world-readable."
ssh keys should not be shared without good reason. /etc/ssh/* are configuration options that apply to all users. The ssh_known_hosts file is a way to specify a list of known hosts for all users that log into that box. I believe you can also add entries to /home/*/.ssh/known_hosts to apply a "known" host to a specific user. There should be no problems with the owner having read permissions.... in fact... all users should have read-permissions on that file. The concern is when you apply write permissions.
That file is used to identify the remote server's fingerprint... so when you ssh into your uber-secure server... you're actually ssh'ing into your server...and not some other server owned by a hacker that is playing man-in-the-middle.
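The two answers above agree on the same rule from the sshd man page: ssh_known_hosts must be world-readable (otherwise non-root users get the "authenticity can't be established" prompt seen in the 600-vs-644 test) and must not be writable by anyone but root (otherwise a host key could be replaced and the man-in-the-middle check defeated). The following added example, not code from the thread, turns that rule into a small audit and runs it over a constructed temporary file at the modes discussed; the finding codes are my own naming.

```python
import os
import stat
import tempfile


def audit_known_hosts_mode(path: str) -> set:
    """Compare a system-wide ssh_known_hosts file against the sshd(8) advice:
    writable only by root, world-readable. Returns a set of finding codes;
    an empty set means the file is as recommended."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    findings = set()
    if st.st_uid != 0:
        findings.add("NOT_ROOT_OWNED")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Anyone in the group / any user could swap in an attacker's host key.
        findings.add("GROUP_OR_WORLD_WRITABLE")
    if not (mode & stat.S_IROTH):
        # Non-root users cannot read the entries, so ssh falls back to prompting.
        findings.add("NOT_WORLD_READABLE")
    return findings


def demo_modes() -> dict:
    """Run the audit over a constructed temporary file at the modes from the
    thread (600 and 644) plus a world-writable 666 for contrast."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ssh_known_hosts")
        with open(path, "w") as f:
            f.write("# constructed sample file\n")
        for mode in (0o600, 0o644, 0o666):
            os.chmod(path, mode)
            results[mode] = audit_known_hosts_mode(path)
    return results


if __name__ == "__main__":
    for mode, findings in demo_modes().items():
        print(oct(mode), sorted(findings) or "OK")
```

On the real file, call `audit_known_hosts_mode("/etc/ssh/ssh_known_hosts")`. The temporary file in the demo is owned by whoever runs it, so NOT_ROOT_OWNED is reported there unless the script runs as root; 600 trips NOT_WORLD_READABLE, 644 passes both permission checks, and 666 trips GROUP_OR_WORLD_WRITABLE.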