If the key is encrypted, then it doesn't exist as long as the password is good enough to resist a bruteforce.
But password requirements in this case are definitely higher. You can restrict login attempts in the remote ssh machine, but you can't restrict bruteforcing of stolen encrypted key.
You can also use bcrypt and adjust the work factor; assuming use of ssh-agent and/or shared connections, you could add a delay of multiple minutes to each try.
But password requirements in this case are definitely higher. You can restrict login attempts in the remote ssh machine, but you can't restrict bruteforcing of stolen encrypted key.