Bug 720 - "UseDNS no" breaks public key login
Status: CLOSED WONTFIX
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: All All
Importance: P2 normal
Assignee: OpenSSH Bugzilla mailing list
Reported: 2003-09-27 07:34 AEST by w sanders
Modified: 2004-04-14 12:24 AEST

Description w sanders 2003-09-27 07:34:18 AEST
Setting "UseDNS no" as a temporary workaround for a host that does not have a PTR
record breaks public key login for all hosts, even if they have valid, matching
A and PTR records. A message is logged to syslog: "sshd[1235]: Authentication
tried for <user> with correct key but not from a permitted host
(host=XXX.XXX.XXX.XXX, ip=XXX.XXX.XXX.XXX)." Host at IP XXX.XXX.XXX.XXX is a
host that was previously able to log in when UseDNS is set to "yes".

If this is not the intent of the UseDNS option
Comment 1 Damien Miller 2003-09-27 09:40:06 AEST
Are you talking about HostBased authentication, or user PublicKeyAuthentication?
Comment 2 w sanders 2003-09-30 07:24:41 AEST
Ahhh, this was a usage error. You can close this bug. "UseDNS no" stops all DNS
references from occurring - I had expected it to only disable the restriction
that the host's IP be findable in a PTR DNS record. What was actually happening
is that from="<FQDN>" was in my authorized_keys file, and then "UseDNS no"
prevented sshd from looking up the IP of foo. So sshd would complain "Your host
'11.22.33.44' is not permitted to use this key for login." when it also meant
"key found in the authorized_keys file for <FQDN> but not for 11.22.33.44".

The correct use of "UseDNS no" is to identify the key with 'from="11.22.33.44"'
(the double quotes are required) rather than 'from="<FQDN>"'.
Comment 3 Damien Miller 2004-04-14 12:24:19 AEST
Mass change of RESOLVED bugs to CLOSED
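
An added example, not part of the original bug thread or of OpenSSH: a Python check that lists the from= patterns in authorized_keys lines that depend on a hostname, and therefore stop matching once "UseDNS no" is set as described in comment 2. The function names and the sample key lines are constructed for illustration.

```python
import ipaddress
import re

# Key-type prefixes that mark a line with no leading options field.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def options_field(line):
    """Return the leading options field of an authorized_keys line, or ''."""
    line = line.strip()
    if not line or line.startswith("#") or line.startswith(KEY_TYPES):
        return ""
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes:
            i += 1                      # skip the escaped character
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            break                       # unquoted whitespace ends the options
        i += 1
    return line[:i]

def is_address_pattern(pattern):
    """True if a from= pattern can match on the client address alone."""
    p = pattern.lstrip("!")             # negated patterns are checked the same way
    try:
        ipaddress.ip_network(p, strict=False)   # literal address or CIDR
        return True
    except ValueError:
        # Wildcard address such as 192.0.2.* or 2001:db8:*
        return bool(re.fullmatch(r"[0-9.*?]+|[0-9a-fA-F:*?]*:[0-9a-fA-F:*?]*", p))

def dns_dependent_patterns(line):
    """from= patterns on this line that need a hostname (no match with UseDNS no)."""
    m = re.search(r'(?:^|,)from="((?:[^"\\]|\\.)*)"', options_field(line), re.I)
    if not m:
        return []
    return [p for p in m.group(1).split(",") if p and not is_address_pattern(p)]

# Constructed sample lines; the key material is a placeholder, not a real key.
SAMPLE = [
    'from="host.example.com" ssh-ed25519 AAAAC3constructed user@host',
    'from="11.22.33.44" ssh-ed25519 AAAAC3constructed user@host',
    'no-pty,from="192.0.2.*,*.example.org" ssh-rsa AAAAconstructed user@host',
]

if __name__ == "__main__":
    for n, entry in enumerate(SAMPLE, 1):
        for pat in dns_dependent_patterns(entry):
            print(f"line {n}: from pattern {pat!r} needs UseDNS yes")
```

A negated hostname pattern is reported as well, because with "UseDNS no" it can no longer exclude the host it names.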