The reason that the service isn't "Active" is because of several reasons:

1. You don't have use-ssh-agent defined in /etc/X11/Xsession.options.
2. You've defined $SSH_AUTH_SOCK prior to starting ssh-agent.service.
3. SSH_AUTH_SOCK is also defined within Systemd --user scope by gpg-agent-ssh.socket.

Let's first look at the ssh-agent.service unit file. When the unit is started, the script /usr/lib/openssh/agent-launch is called by the following line:

ExecStart=/usr/lib/openssh/agent-launch start

Looking at that script, we have the following:

$ cat /usr/lib/openssh/agent-launch
#!/bin/sh
# helper script for launching ssh-agent, used by systemd unit
set -e

if [ ! -d "$XDG_RUNTIME_DIR" ]; then
    # shellcheck disable=SC2016
    echo 'This needs $XDG_RUNTIME_DIR to be set' >&2
    exit 1
fi

if [ "$1" = start ]; then
    if [ -z "$SSH_AUTH_SOCK" ] && grep -s -q '^use-ssh-agent$' /etc/X11/Xsession.options; then
        S="$XDG_RUNTIME_DIR/openssh_agent"
        dbus-update-activation-environment --verbose --systemd SSH_AUTH_SOCK="$S" SSH_AGENT_LAUNCHER=openssh
        exec ssh-agent -D -a "$S"
    fi
elif [ "$1" = stop ]; then
    if [ "$SSH_AGENT_LAUNCHER" = openssh ]; then
        dbus-update-activation-environment --systemd  SSH_AUTH_SOCK=
    fi
else
    echo "Unknown command $1" >&2
    exit 1
fi

We can glean a few things from this:

1. $XDG_RUNTIME_DIR needs to be defined as an environment variable
2. $SSH_AUTH_SOCK needs to be undefined
3. use-ssh-agent needs to be defined in /etc/X11/Xsession.options

Next, look at the output of systemctl --user show-environment. This will show your Systemd --user scope environment variables:

$ systemctl --user show-environment
HOME=/home/mike
LANG=en_US.UTF-8
LOGNAME=mike
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/>
SHELL=/bin/bash
USER=mike
XDG_RUNTIME_DIR=/run/user/1000
XDG_DATA_DIRS=/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
GSM_SKIP_SSH_AGENT_WORKAROUND=true
SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh

Notice that SSH_AUTH_SOCK is defined. This will prevent ssh-agent.service from starting and defining this variable.

When ssh-agent is run, it wants to define SSH_AUTH_SOCK. Quoting the ssh-agent(1) manpage:

SSH_AUTH_SOCK  When ssh-agent starts, it creates a UNIX-domain socket and stores its pathname in this
                    variable.  It is accessible only to the current user, but is easily abused by root or
                    another instance of the same user.

Anyway, in the default state for Ubuntu 24.04, SSH_AUTH_SOCK is defined from a socket unit file called gpg-agent-ssh.socket, which is why it's available in Systemd --user scope and visible in the output of systemctl --user show-environment. Take a look at the contents of the gpg-agent-ssh.socket unit file and you'll see how SSH_AUTH_SOCK is defined with ExecStartPost=:

$ systemctl --user cat gpg-agent-ssh.socket
# /usr/lib/systemd/user/gpg-agent-ssh.socket
[Unit]
Description=GnuPG cryptographic agent (ssh-agent emulation)
Documentation=man:gpg-agent(1) man:ssh-add(1) man:ssh-agent(1) man:ssh(1)

[Socket]
ListenStream=%t/gnupg/S.gpg-agent.ssh

# See the below link for why we need GSM_SKIP_SSH_AGENT_WORKAROUND:
# https://git.gnome.org/browse/gnome-session/tree/gnome-session/main.c?h=3.24.0#n419
# in order to avoid race condition this environment should be set before SSH_AUTH_SOCK
ExecStartPre=systemctl --user set-environment GSM_SKIP_SSH_AGENT_WORKAROUND="true"

# after creating and binding the service notify environment
# no need to test config file because service directly pass fd overwritting the config file
ExecStartPost=systemctl --user set-environment SSH_AUTH_SOCK="%t/gnupg/S.gpg-agent.ssh"

# before unbinding stop to export that we listen to socket
ExecStopPre=systemctl --user unset-environment SSH_AUTH_SOCK
ExecStopPost=systemctl --user unset-environment GSM_SKIP_SSH_AGENT_WORKAROUND

FileDescriptorName=ssh
Service=gpg-agent.service
SocketMode=0600
DirectoryMode=0700

[Install]
WantedBy=sockets.target

The Fix

For Ubuntu 24.04, to enable ssh-agent you need to do the following:

1. Define use-ssh-agent in /etc/X11/Xsession.options:

   $ cat /etc/X11/Xsession.options
   use-ssh-agent
   

2. Prevent SSH_AUTH_SOCK from being defined in Systemd --user scope at boot by gpg-agent-ssh.socket. This can be done by either of the following options:

   Option 1:

   Create an override.conf file that clears ExecStartPre, ExecStartPost, ExecStopPre, and ExecStopPost with the following steps:

   • Run systemctl --user edit gpg-agent-ssh.socket to edit and create an override.conf file. Add the following:

     [Socket]
     ExecStartPre=
     ExecStartPost=
     ExecStopPre=
     ExecStopPost=
     

   • Save and exit.

   • Then reload the configuration changes with systemctl --user daemon-reload.

   Option 2:

   Simply mask gpg-agent-ssh.socket. This will prevent the socket from being created.

   • Run systemctl --user mask gpg-agent-ssh.socket.

   • Then reload the configuration changes with systemctl --user daemon-reload.

3. Unset SSH_AUTH_SOCK in Systemd --user scope, which was previously defined with gpg-agent-ssh.socket unit file. You need to unset this prior to starting ssh-agent.service:

   systemctl --user unset-environment SSH_AUTH_SOCK`
   

4. Add an [Install] section in an override.conf file for ssh-agent.service. This will allow you to "enable" the service and have it start at boot.

   $ systemctl --user edit ssh-agent
   [Install}
   WantedBy=default.target
   

   Then reload the configuration changes with systemctl --user daemon-reload.

5. Enable and start ssh-agent.service

   systemctl --user enable --now ssh-agent
   

6. Export SSH_AUTH_SOCK in .bashrc so that this environment variable is available globally. Otherwise ssh-add will not see an available socket since it cannot see Systemd --user scope variables.

   • Add the following to the bottom of .bashrc:

     export SSH_AUTH_SOCK="${XDG_RUNTIME_DIR}/openssh_agent"

   • Then reload .bashrc:

     source ~/.bashrc
     

After the above configuration:

• You will have a global SSH_AUTH_SOCK variable:

  $ echo $SSH_AUTH_SOCK
  /run/user/1000/openssh_agent
  

• This will match the Systemd --user scope variable:

  $ systemctl --user show-environment
  HOME=/home/mike
  LANG=en_US.UTF-8
  LOGNAME=mike
  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/>
  SHELL=/bin/bash
  USER=mike
  XDG_RUNTIME_DIR=/run/user/1000
  XDG_DATA_DIRS=/usr/local/share/:/usr/share/:/var/lib/snapd/desktop
  DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
  SSH_AGENT_LAUNCHER=openssh
  SSH_AUTH_SOCK=/run/user/1000/openssh_agent
  

• ssh-agent will be enabled and active (running):

  $ systemctl --user status ssh-agent
  ● ssh-agent.service - OpenSSH Agent
       Loaded: loaded (/usr/lib/systemd/user/ssh-agent.service; enabled; preset: enabled)
      Drop-In: /home/mike/.config/systemd/user/ssh-agent.service.d
               └─override.conf
       Active: active (running) since Wed 2025-02-26 05:43:00 UTC; 4min 12s ago
         Docs: man:ssh-agent(1)
     Main PID: 1513 (ssh-agent)
        Tasks: 1 (limit: 9327)
       Memory: 1.1M (peak: 1.4M)
          CPU: 12ms
       CGroup: /user.slice/user-1000.slice/[email protected]/app.slice/ssh-agent.service
               └─1513 ssh-agent -D -a /run/user/1000/openssh_agent
  
  Feb 26 05:43:00 ubuntu24server systemd[1158]: Started ssh-agent.service - OpenSSH Agent.
  Feb 26 05:43:00 ubuntu24server agent-launch[1516]: dbus-update-activation-environment: setting SSH_A>
  Feb 26 05:43:00 ubuntu24server agent-launch[1516]: dbus-update-activation-environment: setting SSH_A>
  Feb 26 05:43:00 ubuntu24server agent-launch[1513]: SSH_AUTH_SOCK=/run/user/1000/openssh_agent; expor>
  Feb 26 05:43:00 ubuntu24server agent-launch[1513]: echo Agent pid 1513;
  

• The output of ssh-add -l will not error out:

  $ ssh-add -l
  The agent has no identities.