diff --git a/cli-runopts.c b/cli-runopts.c
index 5bd4c5556f37e35094b7f1621837f9600ba92c7c..58b64cec543c0ab2100593f92a598ae05284f47c 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -449,7 +449,7 @@ void cli_getopts(int argc, char ** argv) {
 
 #if defined(DROPBEAR_DEFAULT_CLI_AUTHKEY) && defined(ENABLE_CLI_PUBKEY_AUTH)
 	{
-		char *expand_path = expand_tilde(DROPBEAR_DEFAULT_CLI_AUTHKEY);
+		char *expand_path = expand_homedir_path(DROPBEAR_DEFAULT_CLI_AUTHKEY);
 		loadidentityfile(expand_path, 0);
 		m_free(expand_path);
 	}
diff --git a/dbutil.c b/dbutil.c
index 46693045e20be33d85b7b5d77c398b6e2c8f52ee..d87835b5b0ab5cb7d8a31ebc0733c66973582134 100644
--- a/dbutil.c
+++ b/dbutil.c
@@ -613,15 +613,16 @@ int m_str_to_uint(const char* str, unsigned int *val) {
 	}
 }
 
-/* Returns malloced path. Only expands ~ in first character */
-char * expand_tilde(const char *inpath) {
+/* Returns malloced path. inpath beginning with '/' is returned as-is,
+otherwise home directory is prepended */
+char * expand_homedir_path(const char *inpath) {
 	struct passwd *pw = NULL;
-	if (inpath[0] == '~') {
+	if (inpath[0] != '/') {
 		pw = getpwuid(getuid());
 		if (pw && pw->pw_dir) {
-			int len = strlen(inpath) + strlen(pw->pw_dir) + 1;
+			int len = strlen(inpath) + strlen(pw->pw_dir) + 2;
 			char *buf = m_malloc(len);
-			snprintf(buf, len, "%s/%s", pw->pw_dir, &inpath[1]);
+			snprintf(buf, len, "%s/%s", pw->pw_dir, inpath);
 			return buf;
 		}
 	}
diff --git a/dbutil.h b/dbutil.h
index 83ba888f695ef602725433b4dbe26406e89366b9..71f3bdcd8f4ee71bc729e74af26a6695002c3542 100644
--- a/dbutil.h
+++ b/dbutil.h
@@ -97,6 +97,6 @@ int constant_time_memcmp(const void* a, const void *b, size_t n);
 a real-world clock */
 time_t monotonic_now();
 
-char * expand_tilde(const char *inpath);
+char * expand_homedir_path(const char *inpath);
 
 #endif /* DROPBEAR_DBUTIL_H_ */
diff --git a/options.h b/options.h
index 41cc12938f64163c227306103810d5ec7f01c697..c61d4d9635e0f4e443b09e6776ea3b92ab6ec6b1 100644
--- a/options.h
+++ b/options.h
@@ -222,8 +222,8 @@ If you test it please contact the Dropbear author */
 #define ENABLE_CLI_INTERACT_AUTH
 
 /* A default argument for dbclient -i <privatekey>. 
-   leading "~" is expanded */
-#define DROPBEAR_DEFAULT_CLI_AUTHKEY "~/.ssh/id_dropbear"
+Homedir is prepended unless path begins with / */
+#define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
 
 /* This variable can be used to set a password for client
  * authentication on the commandline. Beware of platforms