When i had to do something like that, i used expect
and a wrapper script that would fetch a password from a file.
I.e. in my password file i'd have something like
root@192.168.1.10 ThisIsMyPass
user@localhost thisIsMyOtherPass
and then have the wrapper script get (it could be simple as grep "root@192.168.1.10" ~/.passwords | cut -d ' ' -f2
)
Im guessing there are more appropriate methods, but with this one you only need to keep your wrapper and password file protected and you can make your setup script public.