diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0e9bd3d8e..2b3663487 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,9 @@
 ## 0.9.6 (unreleased)
 
   - Fix strange issue with inconsistent childprocess reads on JRuby. [GH-711]
+  - `vagrant ssh` does a direct `exec()` syscall now instead of going through
+    the shell. This makes it so things like shell expansion oddities no longer
+    cause problems. [GH-715]
 
 ## 0.9.5 (February 5, 2012)
 
diff --git a/lib/vagrant/ssh.rb b/lib/vagrant/ssh.rb
index ec0de6c8a..bc2b2013f 100644
--- a/lib/vagrant/ssh.rb
+++ b/lib/vagrant/ssh.rb
@@ -75,26 +75,26 @@ module Vagrant
       options[:private_key_path] = ssh_info[:private_key_path]
 
       # Command line options
-      command_options = ["-p #{options[:port]}", "-o UserKnownHostsFile=/dev/null",
-                         "-o StrictHostKeyChecking=no", "-o IdentitiesOnly=yes",
-                         "-o LogLevel=ERROR"]
-      command_options << "-i #{options[:private_key_path]}" if !plain_mode
-      command_options << "-o ForwardAgent=yes" if ssh_info[:forward_agent]
+      command_options = ["-p", options[:port].to_s, "-o", "UserKnownHostsFile=/dev/null",
+                         "-o", "StrictHostKeyChecking=no", "-o", "IdentitiesOnly=yes",
+                         "-o", "LogLevel=ERROR"]
+      command_options += ["-i", options[:private_key_path]] if !plain_mode
+      command_options += ["-o", "ForwardAgent=yes"] if ssh_info[:forward_agent]
 
       # If there are extra options, then we append those
       command_options.concat(opts[:extra_args]) if opts[:extra_args]
 
       if ssh_info[:forward_x11]
         # Both are required so that no warnings are shown regarding X11
-        command_options << "-o ForwardX11=yes"
-        command_options << "-o ForwardX11Trusted=yes"
+        command_options += ["-o", "ForwardX11=yes"]
+        command_options += ["-o", "ForwardX11Trusted=yes"]
       end
 
       host_string = options[:host]
       host_string = "#{options[:username]}@#{host_string}" if !plain_mode
-      command = "ssh #{command_options.join(" ")} #{host_string}".strip
-      @logger.info("Invoking SSH: #{command}")
-      safe_exec(command)
+      command_options << host_string
+      @logger.info("Invoking SSH: #{command_options.inspect}")
+      safe_exec("ssh", *command_options)
     end
 
     # Checks the file permissions for a private key, resetting them
diff --git a/lib/vagrant/util/safe_exec.rb b/lib/vagrant/util/safe_exec.rb
index 8da48121d..ccc214de6 100644
--- a/lib/vagrant/util/safe_exec.rb
+++ b/lib/vagrant/util/safe_exec.rb
@@ -7,7 +7,7 @@ module Vagrant
     # thread. In that case, `safe_exec` automatically falls back to
     # forking.
     module SafeExec
-      def safe_exec(command)
+      def safe_exec(command, *args)
         # Create a list of things to rescue from. Since this is OS
         # specific, we need to do some defined? checks here to make
         # sure they exist.
@@ -20,7 +20,7 @@ module Vagrant
         begin
           pid = nil
           pid = fork if fork_instead
-          Kernel.exec(command) if pid.nil?
+          Kernel.exec(command, *args) if pid.nil?
           Process.wait(pid) if pid
         rescue *rescue_from
           # We retried already, raise the issue and be done