Comment by vladvasiliu
2 years ago
Same way you'd get the password? It's either a physical or virtual server you more or less control, in which case the siblings' answers apply. Otherwise, it's probably some kind of image or something someone else controls, in which case bake in or send them your public key or certificate (if you've got colleagues in the same situation as yourself).
Getting a password does not require modifying the system. Injecting a public key does.
The password needs to be generated somehow, right? Assuming you don't you use a pre-baked password that repeats across machines, you could replace the password generation and retrieval with deploying a public key instead.
The remote system must generate its own SSH private key; you could use that opportunity to deploy the authorized keys before sealing the system as read-only.