diff --git a/actions/ssh b/actions/ssh
index ab4595bdc..d2aee9319 100755
--- a/actions/ssh
+++ b/actions/ssh
@@ -26,12 +26,12 @@ def parse_arguments():
 
     get_keys = subparsers.add_parser('get-keys',
                                      help='Get SSH authorized keys')
-    get_keys.add_argument('--username')
+    get_keys.add_argument('--username', required=True, type=_managed_user)
 
     set_keys = subparsers.add_parser('set-keys',
                                      help='Set SSH authorized keys')
-    set_keys.add_argument('--username')
-    set_keys.add_argument('--keys')
+    set_keys.add_argument('--username', required=True, type=_managed_user)
+    set_keys.add_argument('--keys', required=True)
 
     subparsers.add_parser('get-password-config',
                           help='Get SSH password auth configuration')
@@ -44,6 +44,14 @@ def parse_arguments():
     return parser.parse_args()
 
 
+def _managed_user(username):
+    """Raise an error if the user is root."""
+    if pwd.getpwnam(username).pw_gid == 0:
+        msg = 'User {} is not managed by FreedomBox'.format(username)
+        raise argparse.ArgumentTypeError(msg)
+    return username
+
+
 def subcommand_setup(arguments):
     """Setup Open SSH server.