Sophos XG - Logs showing message="User '-' failed to login

Hey Guys,

I'm seeing an unusual logins on my Sophos XG 115. The user is - and the IP it's coming from is my DC ( About every hour I'm seeing:

message="User '-' failed to login from '' using ssh because of wrong credentials"


No RDP or other ports open from the WAN. I do have SSL VPN setup. It's a pretty brand new 2016 DC setup.

I am running Labtech on the DC, so my gut feeling is it might be the Labtech network probe doing it.

How would I go about figuring out what's causing the logon attempt? What is user - ?

  • Would suggest to try a Dump of this Traffic to check.

    Maybe take a look at the DC and perform a Debug there.

    Some Application should start a SSH Connection to XG. This looks odd. 

  • I am receiving these notifications as-well. They are coming from a PC on the network with LabTech (now ConnectWise) agent on it. The agent on the client PC is setup as with as Master and has the Network Probe on as-well. I am going to follow up with ConnectWise to see how I might be able to better leverage this.

  • In reply to LUPike:

    Hey Luke,

    I figured it was Labtech/Connectwise as it stopped when I disabled the agent. But I haven't had a chance to troubleshoot further. Did you get a reply from Connectwise?