I would highly recommend Curve25519, etc., just because such keys are faster and less common than RSA public-private keys in today’s world. RSA 2048-bit keys are considered weak today, while the Curve25519 256-bit keys remain stronger. Also, the ChaCha20-Poly1305 cipher has an interesting backstory and doesn’t necessarily need hardware acceleration (which, in theory, could be borked by the HW-vendor) to obtain good performance.
Unfortunately, some SSH front-ends don’t play nice with Curve25519 public-private keys yet… (I’m pointing at the putty SSH client, but that may have improved from the last time I had to use it)