SSH_CONNECTION

0001-01-01

The OpenSSH ssh client sets an environment variable containing four space-separated values: client IP address, client port number, server IP address, and server port number.

This may be useful in an incident response context to identify commands that were run via SSH by parsing /proc/PID/environ for the SSH_CONNECTION environment variable:

wildcat# grep SSH_CONNECTION /proc/*/environ

Binary file /proc/21762/environ matches

wildcat# strings /proc/21762/environ

LANG=en_US.UTF-8
USER=test
LOGNAME=test
HOME=/home/test
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
SHELL=/bin/bash
TERM=xterm-256color
XDG_SESSION_ID=59
XDG_RUNTIME_DIR=/run/user/1000
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
XDG_SESSION_TYPE=tty
XDG_SESSION_CLASS=user
MOTD_SHOWN=pam
SSH_CLIENT=127.0.0.1 36412 22
SSH_CONNECTION=127.0.0.1 36412 127.0.0.1 22
SSH_TTY=/dev/pts/2
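
The same check as a script, as an added example that is not part of the original page: it walks every PID's environ file, splits the NUL-separated entries, and reports the four SSH_CONNECTION fields next to the process name. The function names and the optional PROC_ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the optional
# PROC_ROOT argument are hypothetical; PROC_ROOT lets the same code run against
# a copied or constructed /proc tree as well as the live one.

# ssh_conn_of FILE
# Print the value of SSH_CONNECTION from a NUL-separated environ file.
# Anchoring on the start of the entry avoids matching the string inside
# another variable's value, which a plain grep over the file would do.
ssh_conn_of() {
    2>/dev/null tr '\0' '\n' < "$1" | sed -n 's/^SSH_CONNECTION=//p' | head -n 1
}

# list_ssh_procs [PROC_ROOT]
# One line per matching process:
#   pid client_ip client_port server_ip server_port comm
list_ssh_procs() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/environ" ] || continue
        conn=$(ssh_conn_of "$dir/environ")
        [ -n "$conn" ] || continue
        # The value must be exactly four space-separated fields; the process
        # controls its own environment, so skip anything malformed.
        read -r cip cport sip sport extra <<EOF
$conn
EOF
        [ -n "$sport" ] && [ -z "$extra" ] || continue
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        printf '%s %s %s %s %s %s\n' \
            "${dir##*/}" "$cip" "$cport" "$sip" "$sport" "$comm"
    done
}
```

Source the file and run `list_ssh_procs` as root, since reading other users' environ files requires it. The file reflects the environment at the time the process was executed and child processes inherit the variable, so a match covers the login shell and whatever it launched.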