You used to be able to use
/usr/sbin/systemsetup -f -setremotelogin off
or
/usr/sbin/systemsetup -f -setremotelogin on
to script disabling or enabling SSH on macOS.
Now that macOS has Privacy Preferences Policy Control, which needs a profile delivered by a user-approved MDM, you may get this error:
setremotelogin: Turning Remote Login on or off requires Full Disk Access privileges.
This can be especially annoying if the script's parent process isn't code-signed (and thus can't be used in a PPPC profile), as /usr/sbin/period isn't, for example. (Read more at "Use the systemsetup command-line utility on macOS Catalina 10.15".)
For now, a workaround for this is to simply load or unload the launch daemon that enables/disables SSH:
/bin/launchctl load -w /System/Library/LaunchDaemons/ssh.plist
or
/bin/launchctl unload -w /System/Library/LaunchDaemons/ssh.plist
P.S. Since these are things you’re scripting via something like Munki or Jamf, I’m assuming you’re testing the commands as root.
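The fallback described above as a single script function, added here as an example and not the author's own code: it tries systemsetup first and, if the output contains the Full Disk Access refusal quoted above, loads or unloads ssh.plist with launchctl instead. The overridable SYSTEMSETUP and LAUNCHCTL variables and the METHOD variable are assumptions of this example, as is matching on the message text (the post does not say what exit status systemsetup returns).

```shell
#!/bin/sh
# Added example (not the post's code). SYSTEMSETUP and LAUNCHCTL can be
# overridden, an assumption made here so the logic can be run with stubs.
SYSTEMSETUP="${SYSTEMSETUP:-/usr/sbin/systemsetup}"
LAUNCHCTL="${LAUNCHCTL:-/bin/launchctl}"
SSH_PLIST="/System/Library/LaunchDaemons/ssh.plist"

# set_remote_login on|off
# Sets METHOD (hypothetical name) to the tool that made the change.
set_remote_login() {
    state="$1"
    METHOD=""
    case "$state" in
        on)  verb="load" ;;
        off) verb="unload" ;;
        *)   echo "usage: set_remote_login on|off" >&2; return 2 ;;
    esac

    # Capture stdout and stderr together; the refusal is matched by its text.
    if out=$("$SYSTEMSETUP" -f -setremotelogin "$state" 2>&1); then
        rc=0
    else
        rc=$?
    fi

    case "$out" in
        *"Full Disk Access"*)
            # Refused by PPPC: load or unload the launch daemon instead.
            METHOD="launchctl"
            "$LAUNCHCTL" "$verb" -w "$SSH_PLIST"
            return $?
            ;;
    esac

    if [ "$rc" -ne 0 ]; then
        # Some other failure: surface it rather than masking it.
        echo "$out" >&2
        return "$rc"
    fi
    METHOD="systemsetup"
}

# Run as root, e.g.: sh thisscript on|off
case "${1:-}" in
    on|off)
        [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; exit 1; }
        set_remote_login "$1" && echo "Remote Login $1 via $METHOD"
        ;;
esac
```

Sourced or run with no argument, the script only defines the function, so it can be dropped into a larger Munki or Jamf script.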