Not really. By default SSH keys are kept in a private subdirectory of $HOME. An attacker who has access to it is very likely able to modify the user’s $PATH, trojan the passphrase prompt, and so on. Thus in many real‐world situations it collapses to one factor.

Contrast that to an SSH key tied to a WebAuthn token with "ssh-keygen -t ed25519_sk"—even a fully trojaned machine would not be able to freely initiate sessions with the compromised key.