Identity keys are always checked, even if look_for_keys=False.

[dssd96]

Description
When trying to create a Connection, let's say

from fabric import Connection

with Connection("hostname", user="username", connect_kwargs={"password": "password"}) as c:
    pass

the exception

ValueError: p must be exactly 1024, 2048, 3072, or 4096 bits long

is raised at "cryptography\hazmat\primitives\asymmetric\dsa.py:27" on my machine because I have a 8192 bit identity file lying around. Note that I am in no way trying to use the key here. I tried deactivating key search via:

ck = {
    "password": "password",
    "look_for_keys": False,  # !
    "allow_agent": False,  # !
}
with Connection("hostname", user="username", connect_kwargs=ck) as c:
    pass

but that did not change anything. On closer inspection, the "offending" key (it is a valid, working key) is added to the kwargs dict from the Connection.resolve_connect_kwargs function in the Connection constructor. In the resolved connect keyword args dict, an entry "key_filename" always appears containing a list of paths to my identity keys.

Should this function respect look_for_keys=False i.e. not add the kes?

Environment
On windows 11 (and windows 10): Python 3.10.6, fabric==3.0.1 with paramiko==3.1.0 using Windows' default ssh (OpenSSH)

[godfath3r]

If this adds any value to the resolution of the issue, I've tried to reproduce on Linux with following versions:

python 3.10.9
fabric 3.0.1
paramiko 3.1.0

with no luck.

Can you specify how you created the "invalid" key?

[dssd96]

@godfath3r The key in question is a 8192 bit RSA key generated via ssh-keygen -t rsa -b 8192 where "ssh" is openssh on windows 10. It is listed as an IdentityFile in my ssh config.