diff --git a/CHANGELOG.md b/CHANGELOG.md
index bf57927fa7c..4d97db17cdc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,7 @@ Ansible Changes By Release
 * SELinux fix for files created by authorized_key module
 * "template override" ??
 * lots of documentation tweaks
+* handle tilde shell character for --private-key
 
 * ...
 
diff --git a/docsite/rst/gettingstarted.rst b/docsite/rst/gettingstarted.rst
index 2a33973ad29..88dbc52da09 100644
--- a/docsite/rst/gettingstarted.rst
+++ b/docsite/rst/gettingstarted.rst
@@ -197,7 +197,7 @@ Set up SSH agent to avoid retyping passwords:
     $ ssh-agent bash
     $ ssh-add ~/.ssh/id_rsa
 
-(Depending on your setup, you may wish to ansible's --private-key-file option to specify a pem file instead)
+(Depending on your setup, you may wish to ansible's --private-key option to specify a pem file instead)
 
 Now ping all your nodes:
 
diff --git a/lib/ansible/runner/connection_plugins/paramiko_ssh.py b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
index c532e8fd5a2..898c24bf065 100644
--- a/lib/ansible/runner/connection_plugins/paramiko_ssh.py
+++ b/lib/ansible/runner/connection_plugins/paramiko_ssh.py
@@ -82,7 +82,7 @@ class Connection(object):
             allow_agent = False
         try:
             ssh.connect(self.host, username=user, allow_agent=allow_agent, look_for_keys=True,
-                key_filename=self.runner.private_key_file, password=self.runner.remote_pass,
+                key_filename=os.path.expanduser(self.runner.private_key_file), password=self.runner.remote_pass,
                 timeout=self.runner.timeout, port=self.port)
         except Exception, e:
             msg = str(e)
diff --git a/lib/ansible/runner/connection_plugins/ssh.py b/lib/ansible/runner/connection_plugins/ssh.py
index 66a7bcf5048..ea9b03bad94 100644
--- a/lib/ansible/runner/connection_plugins/ssh.py
+++ b/lib/ansible/runner/connection_plugins/ssh.py
@@ -53,7 +53,7 @@ class Connection(object):
         if self.port is not None:
             self.common_args += ["-o", "Port=%d" % (self.port)]
         if self.runner.private_key_file is not None:
-            self.common_args += ["-o", "IdentityFile="+self.runner.private_key_file]
+            self.common_args += ["-o", "IdentityFile="+os.path.expanduser(self.runner.private_key_file)]
         if self.runner.remote_pass:
             self.common_args += ["-o", "GSSAPIAuthentication=no",
                                  "-o", "PubkeyAuthentication=no"]