Backup Linux files to Windows 11 Desktop using WinSCP and PowerShell over IPv6

Note/Disclaimer: This can be done with Windows Power Automate, but that takes more time to accomplish the same goal. Also not that you will likely have to sign your PS script (with either methos), which I may cover in another post. If you think that would be valuable, comment below. ↓

Environment:

• VPS running RockLinux (CentOS compat)
• Network interface: ens192
• Windows 11 (Task Scheduler)
• WinSCP 5.17.10 (5.18 didn’t work, I forget why).
• IPv6 network provided by host
• I’ll be using a sample CIDR fc04:1c8e:685a:239c: for this tutorial.
• One IPv6 was provisioned to server over DHCP.
• fc04:1c8e:685a:239c::1
• I created two new IPv6 addresses at host.
• fc04:1c8e:685a:239c::2
• fc04:1c8e:685a:239c::3

Add IPv6 address to server:

$ sudo vi /etc/sysconfig/network-scripts/ifcfg-ens192

Add the following line to the end of the file:

IPV6ADDR_SECONDARIES="fc04:1c8e:685a:239c::5/64   fc04:1c8e:685a:239c::4/64"

Reboot host.

You should now see the networks available:

$ ip addr | grep inet6
...
inet6 fc04:1c8e:685a:239c::2/64 scope global noprefixroute 
inet6 fc04:1c8e:685a:239c::3/64 scope global noprefixroute
...

Create a folder where you want to store your data (C:\LinuxBackup).

Use notepad or your favorite editor to create a PowerShell file backup_files.ps1 in C:\LinuxBackup

On the Linux hosts, get host RSA key:

$ sudo ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
3072       SHA256:xxxxxxxFDSxxxIt4DxxxxQUAA4xxxxCBxxxxxx1EM8 root@localhost (RSA)

I configured a new firewall rule to allow port 22 access on the 2607:f1c0:1800:802a::2 IP, as I plan to lock down the whole server on port 22 except IP 2607:f1c0:1800:802a::2.

Since I want to use a hostname to connect to my server, I had to add an entry in Windows hosts file:

Edit C:\Windows\system32\drivers\etc\hosts and add the following line:

[fc04:1c8e:685a:239c::2] scp.mydomain.com

Contents of the backup_files.ps1 file (I included my default environment because I’m not sure how that’s handled in Task Scheduler):

$ENV:PATH = 'C:\Program Files (x86)\VMware\VMware Player\bin\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files\PuTTY\;C:\Program Files\Git\cmd;C:\Users\Tom\AppData\Local\Microsoft\WindowsApp

Add-Type -Path "C:\Program Files (x86)\WinSCP\WinSCPnet.dll"

$SessionOptions = New-Object WinSCP.SessionOptions -Property @{
UserName = 'server_username'
Password = 'server_password'
HostName = 'scp.mydomain.com'
SshHostKeyFingerprint = 'ssh-rsa 2048 xxxxxxxFDSxxxIt4DxxxxQUAA4xxxxCBxxxxxx1EM8'

PortNumber = 22
}

$transferOptions = New-Object WinSCP.TransferOptions

# FileMask = Newer than 2 days
$transferOptions.FileMask = "*>=2D"

$session = New-WinSCPSession -SessionOption $SessionOptions

Receive-WinSCPItem -Path '/home/tom/files_for_backup/' -Destination 'C:\LinuxBackup\' -TransferOptions $transferOptions

Remove-WinSCPSession -WinSCPSession $session

The next step is to create the task in Task Scheduler:

• Open Windows Task Scheduler
• Right click “Task Scheduler Library” and select “New Folder…”. I called mine Tom.
• Right click new folder and choose “Create Task…”.
• In the popup window, add Name “Backup Linux”
• Under “Security Options”, choose “Run whether user is logged in or not” and “Run with highest privileges”. 
• Go to the “Actions” tab, type Powershell.exe, and put the path to the script in the Arguments box: 

-command & 'C:\LinuxBackup\backup_files.ps1'

• Go to “Trigger” tab and create a New trigger. I chose “At 12:00 PM every day”.
• Click “OK”. This will prompt you to enter your credentials.