Edit: oh, you’re talking about the high port OP is wondering about. That’s just the source port, which is chosen randomly by the client OS when making a connection. Using port 22 (or any other port below 1025) as a source port would require root privileges on the client and would also conflict with the SSH server that could be running there. Still, it has nothing to do with SSH “moving connections over”
Ah, I see, so the port numbers shown in auth.log
are all client side ports. I guess I thought that the listening port would be in the log and assumed that the port listed there would be it, but when I read the lines again, it clearly says "from ip.ad.dr.ess port 12345"
Oh, this was no attempt to say "Just use proprietary software and block it". I use a (different) FOSS keyboard myself, and as far as I am able to, I try to only use FOSS. I'm all for it.
It was just a question that emerged from the combination of "Android keyboard" + "privacy". Keyboard are potentially very sensitive applications, and I was wondering if there were some mechanisms I did not know about that could breach privacy.