By default, ssh-keygen will generate 3072-bit RSA keys, equivalent to a 128-bit symmetric key, which people smarter than me say is sufficient.

One of these keys might look like this:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCo1/2nxzBea7BkBJmbPUO3fW7HYiUIS+85PuycJ36z

As a binary embedded in a QR code, this could look like this:

If sufficient is good enough for you, then there is no reason to read this post, but if you want to be a special snowflake, then upgrade to an ed25519 key!

Enter ed25519

Ed25519 keys are really short because instead of your key being two prime factors, you can just use any random noise as a private key, and generate your corresponding public key from that. Generate them like this:

ssh-keygen -t ed25519

This creates a really slim key, so in all of your authorized_keys files, you’ll just look like

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/hBOfgryiHaeNkhjwehgKWIyTgNAvHbPiNPCrCyWd5

One line! So compact! Turn this into a QR code and it looks like

There are absolutely valid reasons for you to do this for security reasons, but none of these reasons is urgent. The thing that’s urgent for right now is vanity. Who wants a large 4096-bit key when you can have a key 10% that size, and perhaps more secure? I’ll tell you who. You. You want that.

These are also compatible with GnuPG