
Debian 11: common initial setup steps
This is a record of my own specific setup; use it as a reference with discretion.
§Reconfigure the official sources (optional)
Edit /etc/apt/sources.list and write the source configuration:
```plain
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb http://deb.debian.org/debian bullseye-backports main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb-src http://deb.debian.org/debian bullseye main contrib non-free
deb-src http://deb.debian.org/debian bullseye-updates main contrib non-free
deb-src http://deb.debian.org/debian bullseye-backports main contrib non-free
deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
```
Machines in mainland China can use the Tencent Cloud or Beijing Foreign Studies University mirrors; the NetEase and Alibaba Cloud mirrors have long been throttled to below 1 MiB.
```plain
# Tencent Cloud
deb http://mirrors.tencent.com/debian bullseye main contrib non-free
deb http://mirrors.tencent.com/debian bullseye-updates main contrib non-free
deb http://mirrors.tencent.com/debian bullseye-backports main contrib non-free
deb http://mirrors.tencent.com/debian-security bullseye-security main contrib non-free
deb-src http://mirrors.tencent.com/debian bullseye main contrib non-free
deb-src http://mirrors.tencent.com/debian bullseye-updates main contrib non-free
deb-src http://mirrors.tencent.com/debian bullseye-backports main contrib non-free
deb-src http://mirrors.tencent.com/debian-security bullseye-security main contrib non-free
# Beijing Foreign Studies University
deb http://mirrors.bfsu.edu.cn/debian bullseye main contrib non-free
deb http://mirrors.bfsu.edu.cn/debian bullseye-updates main contrib non-free
deb http://mirrors.bfsu.edu.cn/debian bullseye-backports main contrib non-free
deb http://mirrors.bfsu.edu.cn/debian-security bullseye-security main contrib non-free
deb-src http://mirrors.bfsu.edu.cn/debian bullseye main contrib non-free
deb-src http://mirrors.bfsu.edu.cn/debian bullseye-updates main contrib non-free
deb-src http://mirrors.bfsu.edu.cn/debian bullseye-backports main contrib non-free
deb-src http://mirrors.bfsu.edu.cn/debian-security bullseye-security main contrib non-free
```
§Update and install common tools
```shell
apt update
apt upgrade
apt install vim mc tuned htop p7zip p7zip-full less tmux wget ncdu curl ca-certificates slurm nmon nethogs dialog mlocate
```
§Add a remote user
This assumes the remote user is ragnaroks. If the corresponding paths do not exist, create them yourself: .ssh must be 0700 and authorized_keys 0600. Fill in the public key and save.
```shell
# Create the home directory, group and user
mkdir /home/ragnaroks
groupadd ragnaroks
useradd -g ragnaroks -d /home/ragnaroks -s /bin/bash ragnaroks
chown ragnaroks:ragnaroks /home/ragnaroks
chmod 0700 /home/ragnaroks
# Create .ssh (0700) and authorized_keys (0600), both owned by the user
mkdir /home/ragnaroks/.ssh
chown ragnaroks:ragnaroks /home/ragnaroks/.ssh
chmod 0700 /home/ragnaroks/.ssh
touch /home/ragnaroks/.ssh/authorized_keys
chown ragnaroks:ragnaroks /home/ragnaroks/.ssh/authorized_keys
chmod 0600 /home/ragnaroks/.ssh/authorized_keys
# Paste the public key and save
vi /home/ragnaroks/.ssh/authorized_keys
```
§Configure SSH settings
```shell
echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
echo "PermitEmptyPasswords no" >> /etc/ssh/sshd_config
echo "PermitRootLogin no" >> /etc/ssh/sshd_config
echo "PrintMotd yes" >> /etc/ssh/sshd_config
echo "X11Forwarding no" >> /etc/ssh/sshd_config
echo "Port 3389" >> /etc/ssh/sshd_config
# Run this once you have confirmed everything is correct
systemctl restart sshd
```
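sshd takes the first value it obtains for each keyword, so a line appended with `>>` is ignored when the same keyword is already set earlier in sshd_config; `sshd -T` prints the configuration actually in effect. The check below is an added example, not part of the original post; the helper name `check_sshd_effective` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare sshd's effective settings with the values appended above.
# `sshd -T` prints keywords in lowercase, so the expectations are lowercase too.
EXPECTED='pubkeyauthentication yes
passwordauthentication no
permitemptypasswords no
permitrootlogin no
printmotd yes
x11forwarding no
port 3389'

# Constructed sample of `sshd -T` output in which two earlier, uncommented
# lines in sshd_config won over the appended ones (not taken from a real host).
SAMPLE_DRIFT='port 3389
pubkeyauthentication yes
passwordauthentication no
permitemptypasswords no
permitrootlogin no
printmotd no
x11forwarding yes'

# check_sshd_effective (hypothetical helper): reads `sshd -T` output on stdin,
# prints each expected keyword whose effective value differs, and returns the
# number of mismatches (0 means the appended settings are all in effect).
check_sshd_effective() {
    effective=$(cat)
    mismatches=0
    while read -r key want; do
        got=$(printf '%s\n' "$effective" |
            awk -v k="$key" 'tolower($1) == k { print $2; exit }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want '$want', effective '${got:-unset}'"
            mismatches=$((mismatches + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$mismatches"
}

# Demo on the constructed sample. On a real host (as root) use instead:
#   sshd -t && sshd -T | check_sshd_effective && systemctl restart sshd
printf '%s\n' "$SAMPLE_DRIFT" | check_sshd_effective ||
    echo "effective config differs; fix sshd_config before restarting sshd"
```

Keep the current SSH session open while restarting sshd and test the new port and key login from a second terminal before closing it.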
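§Set the language (Simplified Chinese here)
Because dialog is used to draw a terminal UI, this step may need a fully featured terminal emulator to display properly.
```shell
dpkg-reconfigure locales
```
Select the following locales.
```plain
[x] en_GB.UTF-8
[x] en_US.UTF-8
[x] zh_CN.GB2312
[x] zh_CN.GB18030
[x] zh_CN.GBK
[x] zh_CN.UTF-8
```
Then select the default locale.
```plain
zh_CN.UTF-8
```
Optionally install the WenQuanYi fonts.
```shell
# Quote the pattern so the shell does not expand it against local file names
apt install 'ttf-wqy*' -y
```
After logging out and back in, applications including apt should show their messages in Simplified Chinese.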
§Set the time zone (CST here)
```shell
apt install systemd-timesyncd -y
timedatectl set-timezone Asia/Shanghai
timedatectl set-ntp true
```
§Configure the mail manager (optional)
```shell
dpkg-reconfigure exim4-config
```
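§Enable BBR (optional)
Enabling BBR adds around 5% latency, and the higher the base latency the more noticeable it is. Video and image sites can use BBR, while traditional websites are better suited to TCPA.
```shell
echo "net.core.default_qdisc = fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control = bbr" >> /etc/sysctl.conf
sysctl -p
```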
§Install cockpit
```shell
apt install cockpit cockpit-navigator -y
```
See also: reverse-proxying cockpit with nginx.
§Uninstall or disable unneeded packages
```shell
# iptables (patterns are quoted so the shell does not expand them)
apt --purge remove 'iptable*' 'ipset*' -y
# Spell checking; for ispell, choose manual linking
apt --purge remove aspell ispell -y
# Modem
systemctl stop ModemManager && systemctl disable ModemManager
apt --purge remove modemmanager -y
# rsync: cockpit-navigator depends on it for file copy operations; the service is not much use
systemctl stop rsync && systemctl disable rsync
# WPA (note: removing wpa_supplicant also uninstalls network-manager, which depends on it, so the network can no longer be managed through cockpit)
systemctl stop wpa_supplicant && systemctl disable wpa_supplicant
apt --purge remove wpasupplicant -y
# Wi-Fi frequency band database
apt --purge remove wireless-regdb -y
# Bluetooth
systemctl stop bluetooth && systemctl disable bluetooth
# LVM (skip this if LVM is in use)
systemctl stop lvm2-monitor && systemctl disable lvm2-monitor
systemctl stop lvm2-lvmpolld.socket && systemctl disable lvm2-lvmpolld.socket
# packagekit (the third-party package manager used by cockpit; I don't find it useful)
apt --purge remove 'packagekit*' -y
```
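§Install the KDE desktop environment (optional)
Before using tasksel, make sure there are no known pending updates; otherwise it fails with an apt-get failed (100) error.
```shell
# Option 1
apt install task-kde-desktop task-desktop
# Option 2
apt upgrade && sync && tasksel
```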
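§Install xrdp remote desktop (optional)
```shell
apt install xrdp
adduser xrdp ssl-cert
systemctl restart xrdp
```
Connect to port 3389 with mstsc to log in; by default only the xorg session is available. Note that the SSH settings above also move sshd to port 3389, and two services cannot listen on the same port, so one of them has to use a different port.
Also, based on repeated testing, on some providers' machines xrdp is not guaranteed to work after installation even when the same image is used. The usual symptom is that the connection succeeds, you enter the username and password, and the session then closes immediately. If xrdp does not work, the x2go setup below can be used instead.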
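§Install x2go remote desktop (optional)
```shell
apt install x2goserver
```
Make sure the X11Forwarding yes option is set in sshd_config (the SSH settings above append X11Forwarding no), then add an SSH login entry in the x2go client. Note that KDE is a custom-desktop, and its start command is startplasma-x11 or startplasma-wayland.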