Easily the best and safest way to do this is ... don’t use passwords for the connection!   Configure the two systems to use (unique) digital certificates, and disable password-authentication as an alternative.   (Otherwise, ssh will fall-back to passwords.)

Passwords are not a suitable authentication method for use with any encrypted connection, because mere knowledge of the magic word, e.g. that was lifted from the source-code of a forgotten script, is enough to let you in and to identify you as being who you claim to be.   A digital certificate, on the other hand, must be possessed, should be unique, and can be individually revoked.   Although the connection seems to have been made “without challenge,” in fact it is very strong.

Also, in a corporate setting, keys can be centrally managed using LDAP (OpenDirectory), so that the entire problem of “live passwords lying-around in scripts” can be completely eliminated.