If you've got SSHd running on an unexpected port, you could put in a banner: "Barracuda field service access".
If you've got accounts on the system, they can have GECOS fields saying the same.
And put it in the manual. "Disabling the fieldservice account will prevent service personnel from logging in. Customers with active support contracts should not do so."
Reminds me of a situation I encountered at a prior gig. We were getting random log-ins to an administrative account from a user we didn't recognize. I sent email around the group asking if anyone knew what was up. Nope.
Started tracing IPs. Turned out it was coming from a gateway used by our corporate parent (very large organization). Further tracing localized it to our office.
Turned out my seatmate (who I'd included on the initial email and who had heard me muttering over this for 2 days) was the guy who had some random bozo named account that he was using for test purposes ... but had neglected to tell anyone about.
Sort of pissed me off.
One reason for documenting these backdoors is so that, if you're OK with their legitimate use, you can properly audit and account for their legitimate use. That said: given shared keys and common access, I'd be inclined to consider the device unsecurable.
If you've got accounts on the system, they can have GECOS fields saying the same.
And put it in the manual. "Disabling the fieldservice account will prevent service personnel from logging in. Customers with active support contracts should not do so."
White hats tell you what they're doing and why.