diff --git a/REFERENCE.md b/REFERENCE.md
index f64c109c..99e1a694 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -17,13 +17,13 @@
 
 ### Data types
 
-* [`Ssh::Key::Type`](#Ssh--Key--Type): From https://github.com/puppetlabs/puppetlabs-sshkeys_core/blob/master/lib/puppet/type/sshkey.rb v1.0.2
-* [`Ssh::Log_level`](#Ssh--Log_level)
-* [`Ssh::Permit_root_login`](#Ssh--Permit_root_login): 'without-password' is a deprecated alias for 'prohibit-password'
+* [`Ssh::Key::Type`](#Ssh--Key--Type): validate SSH key types
+* [`Ssh::Log_level`](#Ssh--Log_level): validate SSH log levels
+* [`Ssh::Permit_root_login`](#Ssh--Permit_root_login): validate configuration options for permit_root_login
 * [`Ssh::Ssh_Config`](#Ssh--Ssh_Config): ssh_config configuration file parameters
 * [`Ssh::Sshd_Config`](#Ssh--Sshd_Config): sshd_config configuration file parameters
-* [`Ssh::Syslog_facility`](#Ssh--Syslog_facility)
-* [`Ssh::Yes_no`](#Ssh--Yes_no)
+* [`Ssh::Syslog_facility`](#Ssh--Syslog_facility): validate syslog facilities used by SSH
+* [`Ssh::Yes_no`](#Ssh--Yes_no): validate SSH configuration that uses yes/no.
 
 ## Classes
 
@@ -2653,7 +2653,7 @@ Alias of `Enum['ssh-dss', 'ssh-ed25519', 'ssh-rsa', 'ecdsa-sha2-nistp256', 'ecds
 
 ### <a name="Ssh--Log_level"></a>`Ssh::Log_level`
 
-The Ssh::Log_level data type.
+validate SSH log levels
 
 Alias of `Enum['QUIET', 'FATAL', 'ERROR', 'INFO', 'VERBOSE', 'DEBUG', 'DEBUG1', 'DEBUG2', 'DEBUG3']`
 
@@ -2848,7 +2848,7 @@ Struct[{
     Optional['PermitRootLogin']                 => Ssh::Permit_root_login,
     Optional['PermitTTY']                       => Ssh::Yes_no,
     Optional['PermitTunnel']                    => Enum['yes', 'point-to-point', 'ethernet', 'no'],
-    Optional['PermitUserEnvironmen']            => String[1],
+    Optional['PermitUserEnvironment']           => String[1],
     Optional['PermitUserRC']                    => Ssh::Yes_no,
     Optional['PerSourceMaxStartups']            => String[1],
     Optional['PerSourceNetBlockSize']           => String[1],
@@ -2885,13 +2885,13 @@ Struct[{
 
 ### <a name="Ssh--Syslog_facility"></a>`Ssh::Syslog_facility`
 
-The Ssh::Syslog_facility data type.
+validate syslog facilities used by SSH
 
 Alias of `Enum['DAEMON', 'USER', 'AUTH', 'LOCAL0', 'LOCAL1', 'LOCAL2', 'LOCAL3', 'LOCAL4', 'LOCAL5', 'LOCAL6', 'LOCAL7', 'AUTHPRIV']`
 
 ### <a name="Ssh--Yes_no"></a>`Ssh::Yes_no`
 
-The Ssh::Yes_no data type.
+validate SSH configuration that uses yes/no.
 
 Alias of `Enum['yes', 'no']`
 
diff --git a/metadata.json b/metadata.json
index ebca4bd2..c0a4486d 100644
--- a/metadata.json
+++ b/metadata.json
@@ -97,7 +97,7 @@
     }
   ],
   "description": "Manage SSH",
-  "pdk-version": "3.0.0",
+  "pdk-version": "3.3.0",
   "template-url": "https://github.com/tailored-automation/pdk-templates#main",
-  "template-ref": "heads/main-0-g53868f7"
+  "template-ref": "heads/main-0-g8e0611a"
 }
diff --git a/spec/defines/config_file_server_spec.rb b/spec/defines/config_file_server_spec.rb
index ddc9c761..0b68d919 100644
--- a/spec/defines/config_file_server_spec.rb
+++ b/spec/defines/config_file_server_spec.rb
@@ -145,7 +145,7 @@ class { 'ssh::server':
             'PermitRootLogin'                 => 'prohibit-password',
             'PermitTTY'                       => 'yes',
             'PermitTunnel'                    => 'point-to-point',
-            'PermitUserEnvironmen'            => 'test',
+            'PermitUserEnvironment'           => 'test',
             'PermitUserRC'                    => 'yes',
             'PerSourceMaxStartups'            => 'test',
             'PerSourceNetBlockSize'           => 'test',
@@ -251,7 +251,7 @@ class { 'ssh::server':
         |PermitRootLogin prohibit-password
         |PermitTTY yes
         |PermitTunnel point-to-point
-        |PermitUserEnvironmen test
+        |PermitUserEnvironment test
         |PermitUserRC yes
         |PerSourceMaxStartups test
         |PerSourceNetBlockSize test
diff --git a/spec/type_aliases/sshd_config_spec.rb b/spec/type_aliases/sshd_config_spec.rb
index bf4f766b..9d5eb616 100644
--- a/spec/type_aliases/sshd_config_spec.rb
+++ b/spec/type_aliases/sshd_config_spec.rb
@@ -262,7 +262,7 @@
       'Banner', 'CASignatureAlgorithms', 'ChannelTimeout', 'ChrootDirectory', 'Ciphers', 'DenyGroups', 'DenyUsers',
       'ForceCommand', 'HostbasedAcceptedAlgorithms', 'HostCertificate', 'HostKey', 'HostKeyAgent', 'HostKeyAlgorithms',
       'Include', 'IPQoS', 'KexAlgorithms', 'ListenAddress', 'LogVerbose', 'MACs', 'Match', 'MaxStartups', 'PermitListen',
-      'PermitOpen', 'PermitUserEnvironmen', 'PerSourceMaxStartups', 'PerSourceNetBlockSize', 'PidFile', 'PubkeyAcceptedAlgorithms',
+      'PermitOpen', 'PermitUserEnvironment', 'PerSourceMaxStartups', 'PerSourceNetBlockSize', 'PidFile', 'PubkeyAcceptedAlgorithms',
       'RekeyLimit', 'RevokedKeys', 'RDomain', 'SetEnv', 'Subsystem', 'TrustedUserCAKeys', 'VersionAddendum', 'XAuthLocation'
     ].each do |directive|
       describe directive.inspect do
diff --git a/types/sshd_config.pp b/types/sshd_config.pp
index 7d6242ec..c3e09b6a 100644
--- a/types/sshd_config.pp
+++ b/types/sshd_config.pp
@@ -69,7 +69,7 @@
     Optional['PermitRootLogin']                 => Ssh::Permit_root_login,
     Optional['PermitTTY']                       => Ssh::Yes_no,
     Optional['PermitTunnel']                    => Enum['yes', 'point-to-point', 'ethernet', 'no'],
-    Optional['PermitUserEnvironmen']            => String[1],
+    Optional['PermitUserEnvironment']           => String[1],
     Optional['PermitUserRC']                    => Ssh::Yes_no,
     Optional['PerSourceMaxStartups']            => String[1],
     Optional['PerSourceNetBlockSize']           => String[1],