一、为什么是 2017 年这一份
2017 年这个时间点是 Debian 的一个关键节点:
- Debian 9 (stretch) —— 2017-06-17 发布,是 2017-2019 的稳定主力
- Debian 10 (buster) —— 2019-07-06 发布,开始向新默认过渡
- Debian 11 (bullseye) —— 2021-08-14 发布,进入新 LTS 时代
这一篇**覆盖 Debian 家族(不含 Ubuntu 子系,单独成文)**的装机、换源、桌面、root 账号、常用配置——一个完整的"Debian 全家桶"指南。
阅读建议:本文按"先看版本 → 选对应章节"组织。Debian 9 装在 2017、Debian 10 装在 2019、Debian 11 装在 2021,版本号和实际部署时间匹配。换源部分同时给 USTC、清华、阿里云三个国内镜像。
二、Debian 通用装机流程
2.1 修改密码 / 退出登录
1
2
3
| passwd # 修改当前用户密码
exit # 退出登录
logout # 同 exit
|
2.2 切换 root 账号
Debian 安装时 root 密码默认未启用(Ubuntu 也是)。要给 root 设密码:
1
2
3
4
| sudo passwd root
# 输入 sudo 用户的密码
# 输入新 root 密码
# 确认 root 密码
|
2.3 允许 root 登录 GNOME
如果是 desktop 安装,root 默认不能登录 GDM。要改两处:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| # 1. 改 GDM 配置
vim /etc/gdm3/daemon.conf
# [security]
# AllowRoot = true
# 2. 注释掉 PAM 限制
vim /etc/pam.d/gdm-password
# 注释这行
# auth required pam_succeed_if.so user != root quiet_success
# 3. 允许 root SSH
vim /etc/ssh/sshd_config
# PermitRootLogin yes
# 4. 重启 SSH
systemctl restart sshd
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
| # 1. 切换 root
su
# 2. 挂载 CD
mkdir -p /mnt/cdrom
mount -t auto /dev/cdrom /mnt/cdrom
ls -l /mnt/cdrom
# 3. 解压 VMware Tools
cd /home
tar zxpf /mnt/cdrom/VMwareTools-x.x.x-yyyy.tar.gz
umount /dev/cdrom
cd vmware-tools-distrib
sudo ./vmware-install.pl
# 4. 清理
rm /tmp/VMwareTools-version.tar.gz
rm -rf /tmp/vmware-tools-distrib
# 5. Debian 9+ 直接装 open-vm-tools
apt-get install open-vm-tools
|
三、Debian 9 (stretch) —— 2017-06-17 发布
Debian 9 代号 stretch,是 2017-2019 的稳定主力。
3.1 换源:USTC / 清华
1
2
3
4
| sudo sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's|security.debian.org/debian-security|mirrors.ustc.edu.cn/debian-security|g' /etc/apt/sources.list
sudo apt-get update
|
或者直接编辑 /etc/apt/sources.list:
1
2
3
4
5
6
7
8
9
10
11
| deb https://mirrors.ustc.edu.cn/debian/ stretch main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ stretch main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ stretch-updates main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ stretch-updates main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ stretch-backports main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ stretch-backports main contrib non-free
deb https://mirrors.ustc.edu.cn/debian-security/ stretch/updates main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian-security/ stretch/updates main contrib non-free
|
清华源(同样可替换):
1
2
3
4
| deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-updates main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ stretch-backports main contrib non-free
deb https://mirrors.tuna.tsinghua.edu.cn/debian-security stretch/updates main contrib non-free
|
3.2 报错:NO_PUBKEY
1
2
3
| W: GPG error: https://mirrors.ustc.edu.cn/debian stretch-backports InRelease:
The following signatures couldn't be verified because the public key is not available:
NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9
|
解决:
1
2
3
| dpkg --force-depends -P debian-archive-keyring
apt --fix-broken install
apt-get update
|
3.3 自定义终端快捷键
GNOME 默认没有 Ctrl+Alt+T 打开终端。手动加:
- 鼠标右击 → 设置 → 设备 → 键盘 → 自定义快捷键 → 添加
- 名称:
Terminal - 命令:
gnome-terminal - 单击"编辑",按
Ctrl+Alt+T
3.4 解决"插入光盘"提示
安装完系统后 apt update 经常弹"插入光盘"提示。原因是 /etc/apt/sources.list 里还留着 cdrom 行:
1
2
| vim /etc/apt/sources.list
# 注释掉 deb cdrom:... 这一行
|
3.5 安装 Docker
1
2
3
4
5
| curl -sSL https://get.docker.com/ | sh
systemctl status docker
systemctl enable docker
systemctl start docker
docker info
|
3.6 安装 docker-compose
1
2
3
4
| curl -L "https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
|
四、Debian 10 (buster) —— 2019-07-06 发布
4.1 换源:USTC
1
2
3
4
5
6
7
8
9
10
11
12
13
| vim /etc/apt/sources.list
deb https://mirrors.ustc.edu.cn/debian/ buster main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ buster-updates main contrib non-free
deb https://mirrors.ustc.edu.cn/debian/ buster-backports main contrib non-free
deb https://mirrors.ustc.edu.cn/debian-security/ buster/updates main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ buster main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ buster-updates main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian/ buster-backports main contrib non-free
deb-src https://mirrors.ustc.edu.cn/debian-security/ buster/updates main contrib non-free
apt-get update
|
五、Debian 11 (bullseye) —— 2021-08-14 发布
5.1 换源
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| # 方法一:sed 一行替换
sed -i "s@http://\(deb\|security\).debian.org@https://mirrors.tuna.tsinghua.edu.cn@g" /etc/apt/sources.list
# 备份
mv /etc/apt/sources.list /etc/apt/sources.listbak
# https 源需要安装
apt install apt-transport-https ca-certificates
# 完整 sources.list
cat <<"EOF" >/etc/apt/sources.list
deb http://mirrors.ustc.edu.cn/debian bullseye main
deb-src http://mirrors.ustc.edu.cn/debian bullseye main
deb http://mirrors.ustc.edu.cn/debian-security/ bullseye-security main
deb-src http://mirrors.ustc.edu.cn/debian-security/ bullseye-security main
deb http://mirrors.ustc.edu.cn/debian bullseye-updates main
deb-src http://mirrors.ustc.edu.cn/debian bullseye-updates main
EOF
|
5.2 阿里云源(云上 ECS 常用)
1
2
| sudo sed -i 's/deb.debian.org/mirrors.ustc.edu.cn/g' /etc/apt/sources.list
sudo sed -i 's/mirrors.cloud.aliyuncs.com/mirrors.aliyun.com/g' /etc/apt/sources.list
|
阿里云镜像:mirrors.cloud.aliyuncs.com 是阿里云内网域名,ECS 上用最快;mirrors.aliyun.com 是公网域名。
六、装桌面 / 输入法 / 显卡
6.1 安装 oh-my-zsh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| # 安装 zsh
apt install zsh
chsh -s /bin/zsh
# 重新登录
# 安装 oh-my-zsh
sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
# 主题推荐
# ll ~/.oh-my-zsh/themes
vim ~/.zshrc
# ZSH_THEME="robbyrussell"
# 改为
# ZSH_THEME="bira"
# 插件:自动提示 + 语法高亮
git clone https://github.com/zsh-users/zsh-autosuggestions \
${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions
git clone https://github.com/zsh-users/zsh-syntax-highlighting.git \
${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting
vim ~/.zshrc
plugins=(
git
zsh-autosuggestions
zsh-syntax-highlighting
)
source ~/.zshrc
|
6.2 显卡驱动
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| # 升级系统
sudo apt update && sudo apt upgrade -y
# 禁用开源驱动 Nouveau
sudo vim /etc/modprobe.d/blacklist.conf
# blacklist nouveau
# options nouveau modeset=0
sudo update-initramfs -u
sudo reboot
# 验证禁用成功
lsmod | grep nouveau
# 卸载旧驱动(如有)
sudo apt purge nvidia-*
sudo apt autoremove
# 安装 NVIDIA 驱动
sudo add-apt-repository ppa:graphics-drivers/ppa
sudo apt update
ubuntu-drivers devices
# 选带 "recommended" 的版本
sudo apt install -y nvidia-driver-580
sudo reboot
# 验证
nvidia-smi
|
内核升级后驱动失效:
1
2
3
| sudo apt install --reinstall nvidia-driver-580
# 或
sudo apt install build-essential linux-headers-$(uname -r)
|
完成安装后谨慎 sudo apt upgrade:可能因内核更新导致驱动失效。
七、磁盘操作
1
2
3
4
5
6
| # 磁盘占用
df -h
df -lh
# 查系统版本
cat /etc/os-release
|
八、查路由 / 网卡
1
2
3
4
5
6
7
8
9
10
| # 查路由
netstat -rn
ip route
# 查网卡
ifconfig
ip a
# 清空当前路由
ip route flush dev eth0
|
九、网卡配置(Debian 9/10)
1
| vim /etc/network/interfaces
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
| # This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# 环回口
auto lo
iface lo inet loopback
# DHCP
auto eth0
iface eth0 inet dhcp
# 静态 IP
auto eth0
iface eth0 inet static
address 192.168.1.122
netmask 255.255.255.0
gateway 192.168.1.2
|
1
2
3
4
| # 重启
/etc/init.d/networking restart
# 或
systemctl restart networking
|
十、DNS 配置
1
2
3
4
5
6
7
| # 临时
cat /etc/resolv.conf
# nameserver 8.8.8.8
# nameserver 114.114.114.114
# 永久
sudo apt install resolvconf
|
十一、前置知识 / 下一步
- 想看 Ubuntu 22.04 / 24.04 装机流程(netplan)→ 翻本系列《Ubuntu 发行版实战》
- 想看 LVM 扩容/缩容 → 翻本系列《Linux 磁盘与 LVM 深度实践》
- 想看 SSH 公私钥免密登录 → 翻本系列《Linux 远程登录与安全实践》
- 想看 Deepin 桌面 / Wine 兼容 → 翻本系列《Deepin 与 Kali 发行版实战》
十二、参考资源
2024 视角:Debian 12 (Bookworm) 已是 2024 主流,13 (Trixie) 进入测试
2017 那篇覆盖 Debian 9/10/11。2024 视角下,Debian 12 (Bookworm)(2023-06 发布)已稳定,Debian 13 (Trixie) 进入 testing 阶段。
一、Debian 12 (Bookworm) 装机要点
- Debian 12.6(2024-09 最新)—— Linux 6.1 LTS + GCC 12.2 + Glibc 2.36 + systemd 252。
- 新增:
- APT 仓库格式:从
.list 改成 .sources(DEB822 格式) - Multi-arch 改进:
libc6:amd64 + libc6:i386 并存更稳 needrestart 自动检测服务需要重启的库
1
2
3
4
5
6
7
8
9
10
11
12
13
14
| # /etc/apt/sources.list → 改成 .sources 格式
cat << "EOF" > /etc/apt/sources.list.d/debian.sources
Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/debian
Suites: bookworm bookworm-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: https://mirrors.tuna.tsinghua.edu.cn/debian-security
Suites: bookworm-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF
|
二、Debian 12 的"开箱即用"变化
- NetworkManager 取代 ifupdown(默认启用):
1
2
3
| nmcli device status
nmcli connection show
nmcli connection up "Wired connection 1"
|
- systemd-resolved 是默认 DNS 客户端:
1
2
3
| cat /etc/systemd/resolved.conf
# DNS=1.1.1.1
# FallbackDNS=8.8.8.8
|
- Python 3.11 默认(不是 3.9)。
- OpenSSH 9.2+:默认禁用 DSA / ECDSA(只接受 ed25519 / rsa-sha2-256)。
/usr/sbin/policy-rc.d 仍然管用(apt 装包时不自动启动服务)。
三、Debian 13 (Trixie) 2024 状态
- Debian 13 “Trixie”(2024 进入 testing,预计 2025 年中 GA):
- Linux 6.10 内核
- GCC 14、Glibc 2.40
- Python 3.12、systemd 256+
- Wayland 默认(X11 退场)
1
2
3
| # 2024 测 Debian 13 (testing)
cat /etc/apt/sources.list
deb https://mirrors.tuna.tsinghua.edu.cn/debian/ trixie main contrib non-free non-free-firmware
|
四、Debian 12 的"装机后"必做
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| # 1. 换源
apt install -y curl wget vim
# 改 /etc/apt/sources.list 为国内源
# 2. 装常用工具
apt install -y net-tools lsof p7zip p7zip-full git zsh neofetch
# 3. 配置时区
timedatectl set-timezone Asia/Shanghai
# 4. 启用 root SSH
sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
systemctl restart sshd
# 5. 配置自动更新(可选)
apt install -y unattended-upgrades
dpkg-reconfigure -plow unattended-upgrades
|
五、Debian 桌面环境 2024 选择
- GNOME 43(Debian 12 默认):Wayland 默认。
- KDE Plasma 5.27(Debian 12):稳定。
- XFCE 4.18:轻量。
- Cinnamon 5.6:Linux Mint 同款。
- LXQt 1.2:超轻量。
1
2
3
4
| # Debian 12 装 KDE
apt install -y kde-plasma-desktop sddm
systemctl set-default graphical.target
systemctl start sddm
|
六、Debian 12 装 Docker / K8s
1
2
3
4
5
6
7
| # 2024 装 Docker(用 Docker 官方源,不用 Debian 仓库)
apt install -y ca-certificates curl gnupg
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable" > /etc/apt/sources.list.d/docker.list
apt update
apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
|
- Debian 12 装 K8s 1.30+(2024):
1
2
3
4
5
| curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
apt update
apt install -y kubelet kubeadm kubectl
apt-mark hold kubelet kubeadm kubectl
|
七、Debian 在云时代的"角色"
- 2024 容器基础镜像首选:
debian:bookworm-slim(~ 75MB)。 - 2024 大量云项目用 Debian 作为容器基础(比 Ubuntu LTS 更稳定)。
- Debian 12 衍生:
- Ubuntu 24.04 LTS(Debian 12 + Canonical 定制)
- Raspberry Pi OS(基于 Debian 12)
- Devuan(无 systemd 的 Debian 衍生版)
- Kali Linux 2024.2(Debian 12 + 渗透测试工具)
八、backports 仓库 2024 现状
- Debian 12 backports(
bookworm-backports)2024 仍在维护:
1
2
3
4
| # 装新版 vim(从 backports)
echo "deb https://mirrors.tuna.tsinghua.edu.cn/debian/ bookworm-backports main contrib non-free" > /etc/apt/sources.list.d/backports.list
apt update
apt install -y -t bookworm-backports vim
|
九、Debian 的"长期支持"路线
- Debian 11 (Bullseye):LTS 到 2026-08(由 Debian LTS 团队 + Freexian 维护)。
- Debian 12 (Bookworm):LTS 到 2028-06。
- Debian 13 (Trixie):预计 2030 年中进入 LTS。
Debian 的 LTS 是"社区支持的"——不是 Red Hat 那种"商业付费支持"。
十、Debian 装机常见 2024 坑
/etc/resolv.conf 是软链接到 /run/systemd/resolve/stub-resolv.conf(不要手动改)。- NetworkManager 跟 ifupdown 冲突——新装用 NetworkManager。
- systemd-resolved 是默认 DNS 客户端——改
/etc/systemd/resolved.conf 才生效。 - GRUB 默认装在第一块盘——
/dev/sda / /dev/nvme0n1。 - UEFI + Secure Boot 装机时会自动签 kernel(不需要 mokutil)。
