Man, I knew I was moving too fast...I meant enabling SSH on the vCenter appliance!  Apologies!

You can use the Set SSH REST method.

And with the more recent PowerCLI versions the Initialize-AccessSshSetRequestBody and Invoke-SetAccessSsh cmdlets it became very easy to use.
See the example at the end of the Set SSH page.

I saw that but I've never used invoke before.  When I tried the example at Set SSH.  I get The term 'Initialize-AccessSshSetRequestBody' is not recognized as the name of a cmdlet, function, script file, or operable program.

PowerCLI Version
----------------
VMware.PowerCLI 12.3.0 build 17860403
---------------
Component Versions
---------------
VMware Common PowerCLI Component 13.1 build 21605386
VMware Cis Core PowerCLI Component PowerCLI Component 13.1 build 21605976
VMware VimAutomation VICore Commands PowerCLI Component PowerCLI Component 13.1 build 21606170

Can you update your PowerCLI version

Ran into some dependency issues but was able to uninstall and reinstall to the latest.  I do get an error though when running the invoke.

Invoke-ApiClient : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
At C:\Program Files\WindowsPowerShell\Modules\VMware.Sdk.vSphereRuntime\8.0.1111.21624264\Private\vSphereApiClient.ps1:128 char:9
+ Invoke-ApiClient @invokeParams
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-ApiClient

Did you set the InvalidCertificateAction to Ignore with the Set-PowerCLIConfiguration cmdlet?

Did you check that TLS v1.1 and v1.2 are enabled on your station?
Check with

[enum]::GetNames([Net.SecurityProtocolType])

And eventually, change it with

[System.Net.ServicePointManager]::SecurityProtocol =[System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'

It looks to be set:

PS C:\Windows\system32> [enum]::GetNames([Net.SecurityProtocolType])
SystemDefault
Ssl3
Tls
Tls11
Tls12
Tls13

And the  InvalidCertificateAction?

I set it to ignore:

Try setting the InvalidCertificateAction to prompt, that way you should see what is actually happening.

The SSL/TLS error could also be caused by a discrepancy between the vCenter name you use on the Connect-VIServer and what is defined in the certificate.

Hmmmm....I've set to prompt and disconnected and reconnected and still the same error.  Also I've validated that the cert is using the FQDN and that's what I'm connecting with.  I tried to connect with IP to compare behaviors and I get the prompt for invalid cert there but accepted it, then ran the Invoke-SetAccessSsh -AccessSshSetRequestBody $AccessSshSetRequestBody again, but still get the same SSL error.

As a last resort, did you stop/start your PowerCLI session?

If that doesn't help, then I'm out of ideas for now I'm afraid.

Yep, tried that.  I'll keep digging and update if I find anything.  Thanks for the help as always @LucD !