All articles
git

The Only Git with SSH Setup You Ever Need

Share this article

Share on LinkedIn Share on X (formerly Twitter)

This guide helps you with managing multiple Git accounts on a single machine without SSH config but using SSH keys. Tested with Git 2.37+ on Windows, macOS, and Linux

We use .gitconfig files instead of ssh config file. You may delete if you have a ~/.ssh/config file on your machine. Conditional Git configuration files automatically apply account-specific settings based on project location, eliminating SSH config complexity.

Repeat the below steps for each of your accounts as required.

1. Generate Dedicated SSH Keys

Execute in terminal for each account/platform:

# Create SSH directory if missing
mkdir -p ~/.ssh && cd ~/.ssh
 
# Personal GitHub account 'star-coder'  
ssh-keygen -t ed25519 -C "star-coder@users.noreply.github.com" -f ~/.ssh/id_github_star  
 
# Work GitLab account 'galaxy-dev'  
ssh-keygen -t ed25519 -C "galaxy-dev@company.com" -f ~/.ssh/id_gitlab_galaxy  
 
# Client Bitbucket account 'quantum-eng'  
ssh-keygen -t ed25519 -C "quantum-eng@client.com" -f ~/.ssh/id_bitbucket_quantum

Windows users: Store keys in C:\Users\YourUser\.ssh

2. Add Public Keys to Git Platforms

Copy the public SSH keys generated in previous step

# macOS
pbcopy < ~/.ssh/id_github_star.pub
 
# Linux (requires xclip)
xclip -selection clipboard < ~/.ssh/id_github_star.pub
 
# Windows (PowerShell)
Get-Content ~\.ssh\id_github_star.pub | Set-Clipboard

Add to respective platforms:

  • GitHub: Settings → SSH and GPG keys → New SSH key (Authentication)
  • GitLab: Preferences → SSH Keys → Add new key
  • Bitbucket: Personal settings → SSH keys → Add key

3. Enable SSH Commit Signing

You can add same public keys as signing keys:

# Re-copy public key if needed (use same commands from Step 2)
  • GitHub: Settings → SSH and GPG keys → New SSH key → Select "Signing Key" type
  • GitLab/Bitbucket: SSH keys automatically support signing in Git 2.37+

If you want to generate another set of keys and use them only for signing instead of authentication, you can do so and update the signingKey in gitconfig files accordingly

4. Configure Conditional Git Identities

Create per-account configs (e.g., ~/.gitconfig-star for star-coder):

[user]
  name = "Star Coder"
  email = "star-coder@users.noreply.github.com"
  signingkey = ~/.ssh/id_github_star.pub  # Path to public key
 
[gpg]
  format = ssh  # Use SSH for signing
 
[commit]
  gpgsign = true  # Always sign commits
 
[core]
  sshCommand = "ssh -i ~/.ssh/id_github_star"  # Private key path

Windows paths: Use C:/Users/YourUser/.ssh/id_github_star

One global ~/.gitconfig file:

[user]
  name = fallback_name  # Used if no conditional match
  email = fallback@email.com
 
# Directory-based conditional includes (place at BOTTOM):
[includeIf "gitdir:~/code/star-coder/"]
  path = ~/.gitconfig-star
 
[includeIf "gitdir:~/code/galaxy-dev/"]
  path = ~/.gitconfig-galaxy
 
[includeIf "gitdir:~/code/quantum-eng/"]
  path = ~/.gitconfig-quantum

5. Verify Setup

Test authentication and signing:

# Test SSH connection (replace key path)
ssh -T git@github.com -i ~/.ssh/id_github_star
# Hi personal-username! Authentication successful.
 
# Verify signing capability
cd ~/code/star-coder/
git init test-repo && cd test-repo
git commit --allow-empty -m "Test signed commit"
git log --show-signature  # Should show "Good signature"

6. Fix "No Signature" issue (Optional)

You might see "No signature" in the git log output, if that's the case you may need to add allowedSignersFile as described here

Everything still works even if this step is skipped.

# On macOS/Linux
 
# Create folder if doesn't exist
mkdir -p ~/.config/git/
 
echo "star-coder@users.noreply.github.com $(cat ~/.ssh/id_github_star.pub)" > ~/.config/git/allowed-signers

Now add gpg.ssh.allowedSignersFile to your git config files. Example:

[user]
  name = "Star Coder"
  email = "star-coder@users.noreply.github.com"
  signingkey = ~/.ssh/id_github_star.pub
 
[gpg]
  format = ssh
 
[gpg "ssh"]
  allowedSignersFile = ~/.config/git/allowed-signers
 
[commit]
  gpgsign = true
 
[core]
  sshCommand = "ssh -i ~/.ssh/id_github_star"

Important Reminders

Key Permissions: Ensure your private keys are secure. On macOS and Linux, run:

chmod 600 ~/.ssh/id_*  # Restrict private key access

Directory Structure: Ensure your repositories are organized into the correct directories (e.g., ~/code/star-coder/ vs ~/code/galaxy-dev/) defined in your .gitconfig file's includeIf sections. If a repo is in the wrong folder, Git will use the wrong user email and signing key.

~/code/star-coder/project  # Uses star-coder identity
~/code/galaxy-dev/project  # Uses galaxy-dev identity

Migrating Existing Repos: Move repositories to corresponding paths or update local config:

git config --local user.signingkey ~/.ssh/id_relevant_key.pub
git config --local core.sshCommand "ssh -i ~/.ssh/id_relevant_key"

Troubleshooting

"Permission Denied" Errors: Add ssh keys to agent

ssh-add -l  # List loaded keys
ssh-add ~/.ssh/id_github_star  # Manually load key

Signing Verification: Ensure Git 2.37+ and GitHub/GitLab support for SSH signing
Windows Notes: Use absolute paths in configs (e.g., C:/Users/name/.ssh/id_key)

Benefits of This Approach

  1. No SSH config file required
  2. Automatic key selection based on project location
  3. Consistent signing across all commits
  4. Cross-platform compatibility
  5. Version control client agnostic (works with VS Code, CLI, etc.)

Comments