diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml
index 966de21df..c4e95e748 100644
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@@ -203,6 +203,30 @@ user:
                     extra:
                         pattern: *pattern_mailbox_quota
 
+        ### ssh_user_enable_ssh()
+        allow-ssh:
+            action_help: Allow the user to uses ssh
+            api: POST /ssh/user/enable-ssh
+            configuration:
+                authenticate: all
+            arguments:
+                username:
+                    help: Username of the user
+                    extra:
+                        pattern: *pattern_username
+
+        ### ssh_user_disable_ssh()
+        disallow-ssh:
+            action_help: Disallow the user to uses ssh
+            api: POST /ssh/user/disable-ssh
+            configuration:
+                authenticate: all
+            arguments:
+                username:
+                    help: Username of the user
+                    extra:
+                        pattern: *pattern_username
+
         ### user_info()
         info:
             action_help: Get user information
diff --git a/src/yunohost/user.py b/src/yunohost/user.py
index 11f61d807..123438da3 100644
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@@ -25,6 +25,7 @@
 """
 import os
 import re
+import pwd
 import json
 import errno
 import crypt
@@ -435,6 +436,36 @@ def user_info(auth, username):
         raise MoulinetteError(167, m18n.n('user_info_failed'))
 
 
+def user_allow_ssh(auth, username):
+    """
+    Allow YunoHost user connect as ssh.
+
+    Keyword argument:
+        username -- User username
+    """
+    # TODO it would be good to support different kind of shells
+
+    if not _get_user_for_ssh(auth, username):
+        raise MoulinetteError(errno.EINVAL, m18n.n('user_unknown', user=username))
+
+    auth.update('uid=%s,ou=users' % username, {'loginShell': '/bin/bash'})
+
+
+def user_disallow_ssh(auth, username):
+    """
+    Disallow YunoHost user connect as ssh.
+
+    Keyword argument:
+        username -- User username
+    """
+    # TODO it would be good to support different kind of shells
+
+    if not _get_user_for_ssh(auth, username) :
+        raise MoulinetteError(errno.EINVAL, m18n.n('user_unknown', user=username))
+
+    auth.update('uid=%s,ou=users' % username, {'loginShell': '/bin/false'})
+
+
 def _convertSize(num, suffix=''):
     for unit in ['K', 'M', 'G', 'T', 'P', 'E', 'Z']:
         if abs(num) < 1024.0:
@@ -470,3 +501,28 @@ def _hash_user_password(password):
 
     salt = '$6$' + salt + '$'
     return '{CRYPT}' + crypt.crypt(str(password), salt)
+
+
+def _get_user_for_ssh(auth, username, attrs=None):
+    if username == "admin":
+        admin_unix = pwd.getpwnam("admin")
+        return {
+            'username': 'admin',
+            'fullname': '',
+            'mail': '',
+            'ssh_allowed': admin_unix.pw_shell.strip() != "/bin/false",
+            'shell': admin_unix.pw_shell,
+            'home_path': admin_unix.pw_dir,
+        }
+
+    # TODO escape input using https://www.python-ldap.org/doc/html/ldap-filter.html
+    user = auth.search('ou=users,dc=yunohost,dc=org',
+                       '(&(objectclass=person)(uid=%s))' % username,
+                       attrs)
+
+    assert len(user) in (0, 1)
+
+    if not user:
+        return None
+
+    return user[0]