Configure Git with Multi-Account SSH and Verified Commits Using GPG in Github

Throughout time in developments we faced multiple repositories with different git account/credentials. Managing multiple Git accounts and ensuring commit authenticity can be challenging.

This guide simplifies the process by combining multi-account SSH key setup with GPG signing for secure authentication and trusted commits across your Linux, Windows, and macOS workstation.

---

Why It Matters

1. SSH Keys: Manage multiple accounts securely with password-free access. Essential for handling separate work, personal, or client repositories without confusion.
2. GPG Signing: Cryptographically sign commits to prove their authenticity and protect them from tampering—critical for secure, professional or enterprise collaborations.
3. This workflow is also apply to other git service provider such as gitlab or bitbucket.

---

Steps

Typical steps to enabling multi-account Git SSH & GPG commit signing, you can check this big picture on how we enabling it.

1. Create SSH Key in workstation for each account with distinct name.
2. Save your SSH Public Key to github.
3. Create gpg key and save to github.
4. Clone using git SSH for push access to the repo.
5. Config the local git repo folder to configure username, email account and signing commit using your gpg key.
6. For complete details you can follow the rest of this article.

---

1. Setting Up Multi-Account Git with SSH

Step 1: Generate SSH Keys

For each Git account, generate a separate SSH key.

Linux/macOS:

ssh-keygen -t rsa -b 4096 -C "email@example.com" -f ~/.ssh/id_rsa_personal
ssh-keygen -t rsa -b 4096 -C "client_email@example.com" -f ~/.ssh/id_rsa_client

Windows (Git Bash):

ssh-keygen -t rsa -b 4096 -C "email@example.com" -f ~/ssh/id_rsa_personal
ssh-keygen -t rsa -b 4096 -C "client_email@example.com" -f ~/ssh/id_rsa_client

Important notes

• During SSH Key Generation, user is your github username and email is your email registered for your github account.
• "email@example.com" : you can change to your registered github email account.
• "client_email@example.com" : you can change to your other registered github email account.

Step 2: Configure SSH

Edit the SSH config file to associate each key with its GitHub account.

• Linux/macOS: ~/.ssh/config
• Windows: ~/ssh/config

If the configfile doesn't exist you can create the file config first then edit it using a text editor.

# Personal Account
Host github-personal
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_personal

# Client Account
Host github-client
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_client

Step 3: Clone Using SSH Aliases

Clone repositories using the configured aliases:

git clone git@github-personal:username/repo.git
git clone git@github-client:client/repo.git

---

2. Adding SSH Keys to GitHub

Step 1: Copy Your Public Key

cat ~/.ssh/id_rsa_personal.pub
cat ~/.ssh/id_rsa_client.pub

Step 2: Add Keys to GitHub

1. Navigate to GitHub > Settings > SSH and GPG Keys > New SSH Key.
2. Paste each public key.
3. Label keys for clarity (e.g., "Personal" or "Client").

---

3. Setting Up GPG Signing

Step 1: Generate a GPG Key

Linux/macOS:

gpg --full-generate-key

Windows (Gpg4win):

Install Gpg4win and run:

gpg --full-generate-key

Choose RSA and RSA (4096 bits) and set an expiry date.

Step 2: Export the Public Key

Find the GPG key ID:

gpg --list-secret-keys --keyid-format LONG

Export and copy the key:

gpg --armor --export <GPG_KEY_ID>

Step 3: Add GPG Key to GitHub

1. Go to GitHub > Settings > SSH and GPG Keys > New GPG Key.
2. Paste the public key.

---

4. Configuring Repository-Specific Settings

For each repository, configure local Git settings to specify the username, email, and GPG key.

cd /path/to/repo
git config user.name "Your Name"
git config user.email "your_email@example.com"
git config user.signingkey <GPG_KEY_ID>
git config commit.gpgsign true

Verify settings with:

git config --get user.name
git config --get user.email
git config --get user.signingkey

This ensures commits in the repository use the correct identity and are signed.

---

5. Using and Verifying Signed Commits

Create a Signed Commit

git commit -S -m "Your commit message"

Verify Signed Commits

git log --show-signature

Git will display the signature status, confirming commit authenticity.

---

Conclusion

Combining multi-account SSH key management with GPG signing ensures secure, streamlined workflows for professional developers. Whether you're managing personal, work, or client repositories, this setup keeps your Git environment organized, authenticated, and trustworthy.