ssh-keygen will generate 3072-bit RSA keys, equivalent to a 128-bit symmetric key, which people smarter than me say is sufficient.
One of these keys might look like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCo1/2nxzBea7BkBJmbPUO3fW7HYiUIS+85PuycJ36z iz/TP44IBkCFyFZxBanGDWfSJDL/L2cWJ21c3S9iRvDx2skKG7ZUHO04bWXeFcYoVhUKNrusj2bipy3N Q+uIDKLalYhoZvQA1qdrnO91V4GIcmXb94NTaOofT3TUVXeFyOuMHygMM86eUUppFy/j6B6lpIx52S3L utB4xV3Istgi+9hogkwRpcEOcQWXkwQIMWk1hJrNVw3u17Y0CLv1c1AOGhz1bdpRrnc20nOH3OWj6VW1 Qcd9VgVQx+JmtwBB4sUpm79shlv8tt0K/JxQ19zc9R/DHD2MXCPuHP9KDZ8+hpJWzyGAo1Q6/nPhHt6g zWAPsOw20EZ0XO9l2onCknnfcOQJdyYoW5Klqa2ZgGpfuWo2yK2cXaAv2rZgrw56CCeQbbLgNLT1Jsbn Q7VsILJBCg/zr+VoEbYFiGhixWWdTzqurcaozsoRcYzlMUV6SZOi3dCvTeLcOhyXKnieYJU=
As a binary embedded in a QR code, this could look like this:
If sufficient is good enough for you, then there is no reason to read this post, but if you want to be a special snowflake, then upgrade to an ed25519 key!
Ed25519 keys are really short because instead of your key being two prime factors, you can just use any random noise as a private key, and generate your corresponding public key from that. Generate them like this:
ssh-keygen -t ed25519
This creates a really slim key, so in all of your
authorized_keys files, you’ll just look like
One line! So compact! Turn this into a QR code and it looks like
There are absolutely valid reasons for you to do this for security reasons, but none of these reasons is urgent. The thing that’s urgent for right now is vanity. Who wants a large 4096-bit key when you can have a key 10% that size, and perhaps more secure? I’ll tell you who. You. You want that.
These are also compatible with GnuPG