Peter, The workaround for this is to add "pass out log body quick proto tcp from 85.X.X.X port = 22 to 77.X.X.X.X" at the end of all of your "keep state" ipf rules.
I've added the "log body" bit to provide more information about the ssh packets that aren't picked up by the ssh rules and session state. Cheers, Darren
