import { KeyExchangeAlgorithm, PublicKeyAlgorithm, EncryptionAlgorithm, HmacAlgorithm, CompressionAlgorithm } from './algorithms/sshAlgorithms';
import { SshServiceConstructor } from './services/sshService';
import { SshMessage, SshMessageConstructor } from './messages/sshMessage';
import { AuthenticationMethod } from './messages/authenticationMethod';
export declare enum SshProtocolExtensionNames {
    /**
     * Lists host key signature algorithms enabled by the sender.
     *
     * This is a "standard" protocol extension supported by most SSH implementations.
     */
    serverSignatureAlgorithms = "server-sig-algs",
    /**
     * An optimization that enables sending an initial channel request without
     * waiting for a channel open confirmation message.
     */
    openChannelRequest = "open-channel-request@microsoft.com",
    /**
     * Enables reconnecting to a session that was recently disconnected.
     */
    sessionReconnect = "session-reconnect@microsoft.com",
    /**
     * Enables continual latency measurements between client and server.
     *
     * This extension requires that the reconnect extension is also enabled, because
     * it leverages some of the session history info for reconnect to compute latency.
     */
    sessionLatency = "session-latency@microsoft.com"
}
/**
 * Specifies the sets of algorithms and other configuration for an SSH session.
 *
 * Each collection of algorithms is in order of preference. Server and client
 * negotiate the most-preferred algorithm that is supported by both.
 */
export declare class SshSessionConfiguration {
    constructor(useSecurity?: boolean);
    /**
     * Gets the protocol extensions that are enabled for the session.
     */
    readonly protocolExtensions: string[];
    /**
     * Gets a dictionary that maps from service types to service configuration objects.
     *
     * Service types must extend the `SshService` abstract class.
     *
     * The service configuration object is passed to the service constructor upon activation.
     */
    readonly services: Map<SshServiceConstructor<import("./services/sshService").SshService>, any>;
    /**
     * Adds a service to the configuration.
     */
    addService(serviceType: SshServiceConstructor, serviceConfig?: any): void;
    /**
     * Gets the list of enabled authentication methods.
     *
     * Add or remove `AuthenticationMethod` constants to restrict which client authentication
     * methods the client will try or the server will allow. In any case, the client or server must
     * handle the `SshSession.onAuthenticating` event to perform authentication.
     */
    readonly authenticationMethods: AuthenticationMethod[];
    /**
     * Gets a dictionary that maps from known message numbers to message types.
     *
     * Message types must extend the `SshMessage` abstract class. Message subclasses that do
     * not have a distinct message type from their base class must not be included in this map.
     */
    readonly messages: Map<number, SshMessageConstructor<SshMessage>>;
    /**
     * Gets a dictionary that maps from message context to message type mappings for each context.
     *
     * Services like `AuthenticationService` may set the current message context to
     * disambiguate when the same message number may be re-used in different contexts.
     */
    readonly contextualMessages: Map<string, Map<number, SshMessageConstructor<SshMessage>>>;
    /**
     * Gets the collection of algorithms that are enabled for key exchange.
     *
     * Client and server sides negotiate which of these algorithms will be used.
     *
     * If this collection includes `null`, and if negotiation selects it, then the session is
     * allowed to skip key exchange and connect with no security of any kind: No key exchange,
     * no authentication, no encryption, no HMAC, and no compression.
     */
    readonly keyExchangeAlgorithms: (KeyExchangeAlgorithm | null)[];
    /**
     * Gets the collection of algorithms that are enabled for server (host) and client
     * public-key authentication.
     *
     * Client and server sides negotiate which of these algorithms will be used.
     */
    readonly publicKeyAlgorithms: (PublicKeyAlgorithm | null)[];
    readonly encryptionAlgorithms: (EncryptionAlgorithm | null)[];
    /**
     * Gets the collection of algorithms that are enabled for message integrity (HMAC).
     *
     * Client and server sides negotiate which of these algorithms will be used.
     */
    readonly hmacAlgorithms: (HmacAlgorithm | null)[];
    /**
     * Gets the collection of algorithms that are enabled for message compression.
     *
     * Client and server sides negotiate which of these algorithms will be used.
     */
    readonly compressionAlgorithms: (CompressionAlgorithm | null)[];
    getKeyExchangeAlgorithm(name: string): KeyExchangeAlgorithm | null;
    getPublicKeyAlgorithm(name: string): PublicKeyAlgorithm | null;
    getEncryptionAlgorithm(name: string): EncryptionAlgorithm | null;
    getHmacAlgorithm(name: string): HmacAlgorithm | null;
    getCompressionAlgorithm(name: string): CompressionAlgorithm | null;
    private getAlgorithm;
    private traceChannelDataValue;
    get traceChannelData(): boolean;
    /**
     * Enables tracing of all channel data messages.
     *
     * Unlike other configuration, this option may be adjusted any time while the session
     * is active. Channel data tracing produces a large volume of trace events, so it is
     * primarily meant only for debugging.
     */
    set traceChannelData(value: boolean);
    private readonly configurationChangedEmitter;
    /**
     * Gets or sets the number of times the server will allow a client to attempt to
     * authenticate.
     *
     * The default value is 5.
     *
     * This setting applies only to server sessions. If the client has failed to authenticate
     * after the maximum number of atttempts, the server will close the session.
     *
     * The SSH protocol allows a client to make multiple attempts to authenticate with
     * the server, e.g. to find which public key algorithm a server will support, or to
     * retry a mis-typed password. This maximum prevents unlimited retries, which would
     * make it easier to "guess" a password.
     *
     * In certain applications the server may only support a single authentication method
     * (which is not a typed password). Then it could be appropriate to set this value to 1.
     */
    maxClientAuthenticationAttempts: number;
    /**
     * Gets or sets whether the client sends a key-exchange "guess" message before receiving
     * the server's key-exchange algorithm preferences, slightly reducing the time to connect.
     *
     * This setting only applies to client sessions. (The server always supports the option when
     * used by a client.)
     *
     * The "guess" mechanism is somewhat ambiguously defined in the SSH protocol spec, and as
     * a result is not implemented or incorrectly implemented by some server implementations,
     * including older versions of this library. Therefore it is disabled in the default
     * configuration, and should only be enabled when connecting to a known-good server.
     */
    enableKeyExchangeGuess: boolean;
    /**
     * Gets or sets the keep-alive timeout in seconds.
     *
     * When set to a value greater than 0, the session will send keep-alive messages
     * at the specified interval to detect connection failures. If no response is received
     * within the timeout period, the keep-alive failed event will be raised.
     *
     * Set to 0 to disable keep-alive messages.
     */
    private keepAliveTimeoutInSecondsValue;
    get keepAliveTimeoutInSeconds(): number;
    set keepAliveTimeoutInSeconds(value: number);
}
//# sourceMappingURL=sshSessionConfiguration.d.ts.map