I use use a security key to login to personal ssh services, which uses a single key. The key requires a physical touch in order to log in to devices though.

If something more robust is needed, ssh certs and principals can be used.

Some use Pam modules to require 2nd factor too.