You would generate SSH keys using
ssh-keygen, preferably ed25519, and the put the public key onto the remote machine inside the appropriate
authorized_keys file. Then when that is proven to work, password authentication can be fully disabled for the SSH daemon. There are very many tutorials and guides on how to do
key-based authentication.
Then once you have the keys working, use an agent on the client system. Your desktop might load one for you, in which case you just need to load the key using
ssh-add before launching your script.
See:
Code:
man ssh
man ssh-add
man ssh-agent
man ssh-keygen
If you do not have an agent available for use, then you can use
ssh-agent to launch your shell, load the key, then launch your script.
Code:
ssh-agent /bin/bash
If you use a strong passphrase with the private keys, then they are protected by AES-128 encryption. During the authentication they never leave the client and are used instead to deal with encrypted messages between the server and the client to verify identity.
(By the way, I would be very surprised if any security policy allows password-based authentication instead of keys.)