diff --git a/setup-nas-poweroff.sh b/setup-nas-poweroff.sh
new file mode 100644
index 0000000..3c4e42d
--- /dev/null
+++ b/setup-nas-poweroff.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+set -e
+
+echo "== NAS SSH 远程关机初始化脚本 =="
+echo "作者: wukongdaily"
+echo "用途: 允许 OpenWrt 通过 SSH 安全关机 NAS"
+echo
+
+if [ "$EUID" -eq 0 ]; then
+  echo "❌ 请不要使用 root 运行此脚本"
+  exit 1
+fi
+
+USER_NAME="$(whoami)"
+SYSTEMCTL_PATH="$(command -v systemctl)"
+
+if [ -z "$SYSTEMCTL_PATH" ]; then
+  echo "❌ 未检测到 systemctl（非 systemd 系统）"
+  exit 1
+fi
+
+echo "当前用户: $USER_NAME"
+echo "systemctl: $SYSTEMCTL_PATH"
+echo
+echo "将执行："
+echo "  - 初始化 ~/.ssh 权限"
+echo "  - 配置 sudo 允许 poweroff"
+echo
+read -p "是否继续？[y/N]: " CONFIRM
+[[ "$CONFIRM" =~ ^[Yy]$ ]] || exit 0
+
+# SSH 目录
+mkdir -p "$HOME/.ssh"
+chmod 700 "$HOME/.ssh"
+touch "$HOME/.ssh/authorized_keys"
+chmod 600 "$HOME/.ssh/authorized_keys"
+
+# sudo 规则
+SUDO_RULE="$USER_NAME ALL=(root) NOPASSWD:$SYSTEMCTL_PATH poweroff"
+
+if sudo grep -q "$SUDO_RULE" /etc/sudoers; then
+  echo "✔ sudo 规则已存在"
+else
+  echo "$SUDO_RULE" | sudo tee -a /etc/sudoers >/dev/null
+  echo "✔ sudo 规则已写入"
+fi
+
+echo
+echo "🎉 初始化完成"
+echo "测试命令："
+echo "  sudo $SYSTEMCTL_PATH poweroff"