From Net-Security.org: "Depending on the order of the user keys in
~/.ssh/authorized_keys2 sshd might fail to apply the
source IP based access control restriction (e.g.
from="10.0.0.1") to the correct key:
If a source IP restricted key (e.g. DSA key) is
immediately followed by a key of a different type (e.g.
RSA key), then key options for the second key are applied
to both keys, which includes 'from='."