First off, putting passwords in scripts is a VERY BAD idea. It doesn't matter if they are encrypted or not, because having the password in clear text for all to read is just a small part of the problem, The bigger problem is that passwords are likely to change over time and you will have to change the script (and probably several scripts, if you employ that mechanism more often) every time. Chances are you forget on of these scripts and this will only surface in the moment you need it least.
Another thing is, that, regardless of how you encrypt the password, all the tools necessary to decrypt it are on the system already, therefore, it doesn't matter if you put it there in clear text or encrypted. Suppose your password is encrypted with the /some/encryption
utility and will decrypted with the /some/decryption
utility. You encrypt the password, get some value and have now a line in your script looking like
/do/something -pw=$(/some/decryption <encrypted-PW>)
If i want to know the password and only have your script, what would prevent me from taking the encypted value from your script and issue
/some/decryption <encrypted-PW>
at the command line to get the unencrypted password myself?
If you do the decryption on the remote machine the problem stays the same: i will send the encrypted version and the remote system will decrypt it itself, so that the encrypted form of the password becomes the effective PW.
So, after this lengthy explanation of why this will not work in any way what will work?
Let us first rephrase the requirement: Something should be done at remote system X as user X. User A on the local system should initiate that using a script.
Now.create a user B at your local system. establish a line of trust between this user B and user X at the remote host by exchanging ssh-keys. User B(local) can now log on as user X(remote) without any password.
Now give the ownership of your script to this user B(local) and make it executable only for this user. User B would now be able to run this script and do the remote part without any password through the SSH-mechanism.
Now set up a sudo permission for User A(local) to run the script as user B(local). This way User A is not required to know the password for neither user B nor the remote system. He will still not be able to do anything else than run this script (sudo will prevent that).
Disable logging in for user B(local) so that nobody can misuse the line of trust established between user B(local) and user X(remote).
I hope this helps.
bakunin