Browsers already support certificate based authentication equivalent to SSH key based authentication. In practice, it is difficult to prevent (and impossible to detect) an unauthorized user from misusing the authentication either by stealing the browser certificate or simply using an unattended browser window for unauthorized access.
https://www.ssl.com/how-to/configuring-client-authentication...
https://medium.com/@sevcsik/authentication-using-https-clien...
And, if you click the links above, it is very cumbersome to set up.