Intermingled input when using local gpg-agent from remote site

6 votes
1 answer
1338 views
I'm starting a local gpg-agent on my Mac, with the extra-socket option. Then I connect to a remote site using SSH, forwarding the remote S.gpg-agent socket to the local S.gpg-agent.extra socket. This works:

ssh -R /remotehome/.gnupg/S.gpg-agent:/localhome/.gnupg/S.gpg-agent.extra remotesystem

When I want to sign something on the remote machine, the pinentry dialog pops up locally and asks for the password, which is the way it should work. However, when I start typing my password, some of the key presses obviously go into pinentry (they are displayed as *) whereas some key presses end up in the shell that runs on the same tty as the pinentry process.

┌────────────────────────────────────────────────────────────────┐
│ Note: Request from a remote site.                              │
│                                                                │
│ Please enter the passphrase to unlock the OpenPGP secret key:  │
│ "My name "                                                     │
│ 4096-bit RSA key, ID MYKEYIDXXX0000YYY,                        │
│ created 2015-06-17 (main key ID MYMAINKEYIDXXX0000YYY).        │
│                                                                │
│                                                                │
│ Passphrase: t*i*e_____________________________________________ │
│                                                                │
│                                                                │
└────────────────────────────────────────────────────────────────┘

Pressing Return has a chance of either sending the mangled password to gpg, or sending whatever key presses didn't go into pinentry to the shell:
/bin/ksh: tie: not found
How do I get pinentry to grab _all_ keys from the tty? The local machine is a Mac running GnuPG 2.1.14 (compiled from pkgsrc). The remote site is either a Linux machine with the same version of GnuPG or an OpenBSD machine with GnuPG version 2.1.15 (no difference). The extra-socket option is the only option enabled in my gpg-agent.conf. The environment variable GPG_TTY is correctly set, and running gpg-connect-agent updatestartuptty /bye locally will move the tty on which pinentry starts up, but with the same problem. Doing gpg-connect-agent updatestartuptty /bye on the remote machine results in
$ gpg-connect-agent updatestartuptty /bye
gpg-connect-agent: connection to agent is in restricted mode
ERR 67109115 Forbidden
... which is what I kinda expect should happen. Changing from the curses interface to the tty interface for pinentry makes no difference. These are the only two pinentry interfaces available to me. I do not run X11.

---

Update: With the local system running OpenBSD 6.3 (GnuPG 2.2.9) and the remote being some Ubuntu system (GnuPG 2.1.11), it's even worse with _no_ key presses going into pinentry and everything being read by the shell.
Asked by Kusalananda (354298 rep)
Nov 21, 2016, 10:13 PM
Last activity: Mar 26, 2025, 10:19 PM
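A persistent form of the setup the question describes (local gpg-agent with extra-socket, socket forwarded with ssh -R), as an added example that is not from the post or from GnuPG's own documentation; all file paths and the host name are assumed, and the restricted-mode error in the question is the expected behaviour of the extra socket.

```conf
# ~/.gnupg/gpg-agent.conf on the local machine (the one holding the private key).
# The extra socket speaks a restricted subset of the agent protocol: a remote client
# can request signing and decryption (the passphrase prompt appears locally), but
# administrative commands such as updatestartuptty are refused, which is the
# "connection to agent is in restricted mode / ERR 67109115 Forbidden" seen above.
# Path is an assumed example; "gpgconf --list-dirs agent-extra-socket" prints the real one.
extra-socket /localhome/.gnupg/S.gpg-agent.extra

# ~/.ssh/config on the local machine: same forward as the ssh -R in the question,
# kept in the client config so every session to this host gets it.
# Remote path: run "gpgconf --list-dirs agent-socket" on remotesystem (assumed here).
Host remotesystem
    RemoteForward /remotehome/.gnupg/S.gpg-agent /localhome/.gnupg/S.gpg-agent.extra

# /etc/ssh/sshd_config on remotesystem.
# Without this, a stale socket file left by the previous session makes the forward
# fail silently and the remote gpg autostarts its own agent, which has no keys.
StreamLocalBindUnlink yes
```

The remote keyring still needs the public key imported; only the private-key operations travel back over the forwarded socket.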