Trezor

Trezor (Model T/Model One/Safe 3/Safe 5/Safe 7) is a hardware security key that can be used to securely store SSH keys and authenticate SSH sessions.
The Trezor-agent software is a command-line utility that allows you to use your Trezor Model T to authenticate SSH connections without exposing your private keys to the network or the computer you are connecting from.
The Trezor Model T supports several different types of public keys, including RSA, ECDSA, and Ed25519.
RSA keys are still widely used, newer key type Ed25519 are generally considered to be more secure and efficient.

To Generate Ed25519 keys with the Trezor Model T and Trezor-agent software, you can simply use the command

 trezor-agent -e ed25519 user@host 

The key generation is based on the identity and host, so it cannot be changed.

To Connect:

 trezor-agent -e ed25519 -c user@host 

Some of the benefits of using hardware security keys like the Trezor Model T for SSH authentication include increased security and protection against key theft or compromise, as well as convenience and ease of use.

Currently, Trezor hardware wallets can sometimes be found cheaply second-hand on eBay. Since they are commonly used to store BTC and other crypto assets, many users avoid second-hand USB hardware wallets because of security concerns.
Because of this, it is sometimes possible to find them second-hand for significantly less than their new retail value, especially during times when the BTC price dips.
From a security perspective, your mileage may vary. Using Trezor devices for SSH is not really an industry standard, which also means it has not been a major focus area for most attackers.