diff --git a/openssh-6.4p1-legacy-ssh-copy-id.patch b/openssh-6.4p1-legacy-ssh-copy-id.patch
new file mode 100644
index 0000000..72e2854
--- /dev/null
+++ b/openssh-6.4p1-legacy-ssh-copy-id.patch
@@ -0,0 +1,58 @@
+diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
+index ae88e99..8e1091c 100644
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -77,7 +77,7 @@ use_id_file() {
+ PUB_ID_FILE="$L_ID_FILE.pub"
+ fi
+
+- PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
++ [ "x$SSH_COPY_ID_LEGACY" != "x" ] || PRIV_ID_FILE=$(dirname "$PUB_ID_FILE")/$(basename "$PUB_ID_FILE" .pub)
+
+ # check that the files are readable
+ for f in $PUB_ID_FILE $PRIV_ID_FILE ; do
+@@ -243,7 +243,7 @@ populate_new_ids() {
+ printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
+ }
+
+-REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 |
++[ "x$SSH_COPY_ID_LEGACY" != "x" ] || REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' "$@" 2>&1 |
+ sed -ne 's/.*remote software version //p')
+
+ case "$REMOTE_VERSION" in
+@@ -268,7 +268,11 @@ case "$REMOTE_VERSION" in
+ ;;
+ *)
+ # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
+- populate_new_ids 0
++ if [ "x$SSH_COPY_ID_LEGACY" != "x" ]; then
++ NEW_IDS=`eval "$GET_ID"`
++ else
++ populate_new_ids 0
++ fi
+ [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | ssh "$@" "
+ umask 077 ;
+ mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ;
+diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
+index 67a59e4..df7ce16 100644
+--- a/contrib/ssh-copy-id.1
++++ b/contrib/ssh-copy-id.1
+@@ -180,6 +180,18 @@ should prove enlightening (N.B. the modern approach is to use the
+ .Fl W
+ option, rather than
+ .Xr nc 1 ) .
++.Sh ENVIRONMENT
++.Bl -tag -width Ds
++.Pp
++.It Pa SSH_COPY_ID_LEGACY
++If the
++.Cm SSH_COPY_ID_LEGACY
++environment variable is set, the
++.Nm
++is run in a legacy mode. In this mode, the
++.Nm
++doesn't check an existence of a private key and doesn't do remote checks
++of the remote server versions or if public keys are already installed.
+ .Sh "SEE ALSO"
+ .Xr ssh 1 ,
+ .Xr ssh-agent 1 ,
diff --git a/openssh.spec b/openssh.spec
index 829cd75..b1b9588 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -184,6 +184,8 @@ Patch902: openssh-6.3p1-krb5-use-default_ccache_name.patch
 Patch903: openssh-6.3p1-increase-size-of-DF-groups.patch
 # FIPS mode - adjust the key echange DH groups and ssh-keygen according to SP800-131A (#1001748)
 Patch904: openssh-6.4p1-FIPS-mode-SP800-131A.patch
+# Run ssh-copy-id in the legacy mode when SSH_COPY_ID_LEGACY variable is set (#969375
+Patch905: openssh-6.4p1-legacy-ssh-copy-id.patch
 License: BSD
@@ -407,6 +409,7 @@ popd
 %patch902 -p1 -b .ccache_name
 %patch903 -p1 -b .dh
 %patch904 -p1 -b .SP800-131A
+%patch905 -p1 -b .legacy-ssh-copy-id
 %if 0
 # Nothing here yet
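Review bot: In legacy mode the two `[ "x$SSH_COPY_ID_LEGACY" != "x" ] ||` guards skip the assignments to `PRIV_ID_FILE` and `REMOTE_VERSION` altogether, so unless both are initialised outside these hunks, the readability loop and `case "$REMOTE_VERSION"` operate on whatever value the caller's environment happened to export. Clearing them before the guards (`PRIV_ID_FILE=` in use_id_file, `REMOTE_VERSION=` ahead of the guarded assignment) would make the `*)` branch the only one legacy mode can reach. The legacy branch that fills NEW_IDS from `eval "$GET_ID"` also checks neither failure nor an empty result, so the remote `cat >> .ssh/authorized_keys` would still run with nothing useful to append; a guard such as `[ -n "$NEW_IDS" ] || exit 1` right after it would stop that. use_id_file and the `case` block both continue outside the hunks shown, so the initialisation may already exist there.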
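Review bot: The comment added above `Patch905` leaves its bug reference unclosed, `(#969375`, unlike the `(#1001748)` form on the neighbouring Patch904 comment. Writing `(#969375)` keeps the references greppable in one consistent shape.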