If your intent is to backup a remote computer's HDD A via SSH to a single file that's on your local computer's HDD, you could do one of the following. Examples

* run from remote computer

$ dd if=/dev/sda | gzip -1 - | ssh user@local dd of=image.gz

* run from local computer

$ ssh user@remote "dd if=/dev/sda | gzip -1 -" | dd of=image.gz

* from a webserver in armor format (mostly):

$ curl <https://example.com/key/repo-key.gpg> | gpg --dearmor > /usr/share/keyrings/<myrepository>-archive-keyring.gpg

* from a webserver not in armor:

$ wget -O /usr/share/keyrings/<myrepository-archive-keyring.gpg> <https://example.com/key/repo-key.gpg>

* from gpg key server:

$ gpg --no-default-keyring --keyring /usr/share/keyrings/<myrepository>-archive-keyring.gpg --keyserver <hkp://keyserver.ubuntu.com:80> --recv-keys <fingerprint>

* in /etc/apt/sources.list.d muss dann das signed-by:

deb [signed-by=/usr/share/keyrings/<myrepository>-archive-keyring.gpg] <https://repository.example.com/debian/ stable main>

$ find . -type d -empty -delete

$ find . -mindepth 1 -type d -exec chmod 775 {} \;

$ echo "1" >/proc/sys/net/ipv4/ip_forward
$ iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
$ iptables --append FORWARD --in-interface eth1 -j ACCEPT

$ smartctl --all /dev/sda
$ smartctl -t long /dev/sda

ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
5   Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       48
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       2

• Reallocated_Sector_Ct = wie viele Blöcke wurden durch Reseveblöcke ersetzt
• Current_Pending_Sector = verdächtige Sektoren

$ badblocks -s -v -v -n -c 262144 /dev/sda

* Bei großen Platten

$ sudo -n blockdev --getbsz /dev/sdX # <- für blocksize
$ sudo badblocks -t random -w -s -b {blocksize} /dev/sdX