# Install ssh-copy-id with Homebrew, Nix, winget

Add a public key to a remote machine's authorized_keys file. Version 10.4p1 via Homebrew; verified 2026-07-06.

## Install

```sh
sudo av install brew:ssh-copy-id
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install ssh-copy-id
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#ssh-copy-id
```

  Evidence: nixpkgs package indexes: ssh-copy-id from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix

### Windows

- winget (92%):

```sh
winget install --id axeprpr.SSHCopyID -e
```

  Evidence: Windows Package Manager source index: axeprpr.SSHCopyID from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:ssh-copy-id
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/ssh-copy-id>
- **Version:** 10.4p1
- **Source summary:** Add a public key to a remote machine's authorized_keys file
- **Homepage:** <https://www.openssh.com/>
- **Repository:** <https://github.com/openssh/openssh-portable>
- **Upstream docs:** <https://github.com/openssh/openssh-portable#readme>
- **License:** SSH-OpenSSH
- **Source archive:** <https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.4p1.tar.gz>
- **Last updated:** 2026-07-06T18:10:51Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- ssh-copy-id (cli)
- ssh-copy-id (alias)

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 10.4p1
- Package-manager updated: 2026-07-06
- Local data: ok
- Upstream repository: https://www.openssh.com/
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

ssh-copy-id is the small OpenSSH-adjacent shell utility that installs a user's public SSH key into a remote account's authorized_keys file.

### Project history

OpenSSH itself began in 1999 when OpenBSD developers forked the free SSH 1.2.12/OSSH lineage, cleaned up licensing and portability issues, and shipped OpenSSH 1.2.2 with OpenBSD 2.6 on December 1, 1999. The portable OpenSSH tree was split out almost immediately for Linux and other Unix systems.

The ssh-copy-id script in the OpenSSH portable repository carries Philip Hands copyright from 1999 onward and describes itself as a shell script to install public keys on a remote machine. Over time it gained contributions for options such as force mode, dry-run mode, SFTP mode, alternate target paths, SSH config files, and port handling.

### Adoption history

ssh-copy-id became common Unix CLI glue because it automates the manual public-key setup described by ssh documentation: place a public key in the remote user's authorized_keys file. Homebrew packages it separately from the main OpenSSH formula for macOS users, while the input facts also list Nix and winget package names.

### How it is used

The usual workflow is to run ssh-copy-id [-i identity_file] [user@]host. The script selects public keys from ssh-agent or from ${HOME}/.ssh/id*.pub, checks which keys are not already accepted, and appends the selected public keys to the remote .ssh/authorized_keys path unless a different target path is requested.

### Why package nerds care

ssh-copy-id is package-manager folklore: a tiny shell script that saves users from remembering the exact ssh, mkdir, chmod, and cat incantation for public-key login setup. It is also a reminder that small contrib utilities can become first-class packages when operating systems omit them or users want them independently.

### Timeline

- 1999: OpenSSH project began and OpenSSH 1.2.2 shipped with OpenBSD 2.6.
- 1999: ssh-copy-id copyright begins with Philip Hands in the portable script.
- 2014: openssh/openssh-portable mirror repository created on GitHub.
- 2026: Homebrew formula tracks OpenSSH portable 10.3p1 for ssh-copy-id.

### Related projects

- Related commands and files include ssh, ssh-keygen, ssh-agent, ssh-add, sshd, OpenSSH portable, ${HOME}/.ssh/id*.pub, and .ssh/authorized_keys.

### Sources

- <https://api.github.com/repos/openssh/openssh-portable>
- <https://formulae.brew.sh/api/formula/ssh-copy-id.json>
- <https://github.com/openssh/openssh-portable/blob/master/contrib/ssh-copy-id>
- <https://www.openssh.com/history.html>
- input.source_facts.package-manager


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Credential files

- Unix: ${HOME}/.ssh/id*.pub, ${HOME}/.ssh/id*, .ssh/authorized_keys
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** ssh-copy-id
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** yes
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - ssh-copy-id: normalized package name match | nixpkgs package indexes: ssh-copy-id from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
- winget - axeprpr.SSHCopyID: normalized package name match | Windows Package Manager source index: axeprpr.SSHCopyID from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [openssh](https://www.automicvault.com/pkg/brew/openssh/) - Shares the same upstream homepage.
- [monkeysphere](https://www.automicvault.com/pkg/brew/monkeysphere/) - Shares av.db curated category or tags: authentication, cli, openssh, security, ssh.
- [duo_unix](https://www.automicvault.com/pkg/brew/duo-unix/) - Shares av.db curated category or tags: authentication, cli, security, ssh.
- [skm](https://www.automicvault.com/pkg/brew/skm/) - Shares av.db curated category or tags: cli, security, ssh.
- [ssh-audit](https://www.automicvault.com/pkg/brew/ssh-audit/) - Shares av.db curated category or tags: cli, security, ssh.
- [ssh-mitm](https://www.automicvault.com/pkg/brew/ssh-mitm/) - Shares av.db curated category or tags: cli, security, ssh.
- [ssh-vault](https://www.automicvault.com/pkg/brew/ssh-vault/) - Shares av.db curated category or tags: cli, security, ssh.
- [sshguard](https://www.automicvault.com/pkg/brew/sshguard/) - Shares av.db curated category or tags: cli, security, ssh.

## Combined YAML source

View the package source record on GitHub. [combined/ssh-copy-id.yml](https://github.com/automic-vault/db/blob/main/combined/ssh-copy-id.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
