diff --git a/.mikaela/ssh/config b/.mikaela/ssh/config
index a2f1b5fb..f31c811c 100644
--- a/.mikaela/ssh/config
+++ b/.mikaela/ssh/config
@@ -2,6 +2,11 @@
 # access, but they should require SSH key authentication anyway.
 
 Host *
+    # Ensure KnownHosts are unreadable if leaked.
+    # While you might be reading this file from GitHub, I haven't
+    # specified all hosts here.
+    HashKnownHosts yes
+    
     # Verify SSHFP records. In case DNSSEC is used this skips the
     # question on whether you trust the fingerprint or not.
     VerifyHostKeyDNS=yes