Some applications, like ssh have a unit file that ends with @, like ssh.service and ssh@.service. They contain different contents, but I cannot understand what exactly is the difference in functionality or purpose.
Is it some naming convention I'm not aware of?
As others have mentioned, it's a service template. In the specific case of ssh@.service, it's for invoking sshd only on-demand, in the style of classic inetd services.
If you expect SSH connections to be rarely used, and want to absolutely minimize sshd's system resource usage (e.g. in an embedded system), you could disable the regular ssh.service and instead enable ssh.socket. The socket will then automatically start up an instance of ssh@.service (which runs sshd -i) whenever an incoming connection to TCP port 22 (the standard SSH port) is detected. This will slow down the SSH login process, but will remove the need to run sshd when there are no inbound SSH connections.
It is a template: https://www.freedesktop.org/software/systemd/man/systemd.service.html#Service%20Templates
It is instantiated by creating a link to unit@instance.type where the link source is unit@.type. The value of instance is available in the systemd unit file using %i or %I, and allows you to write a single unit config file that can be used multiple times with a parameter.
While the clearest systemd documentation for this is "Service Templates", you can template any unit type, as described in the systemd.unit(5) man page: https://www.freedesktop.org/software/systemd/man/systemd.unit.html
These are service templates, designed to be instantiated with an argument (so the service is template@argument, running the template@ service with the given argument). A single service definition can thus be used in different circumstances without needing any hard-coded specifics.
Typical instantiated services you’ll see are per-file system services such as the systemd-fsck@ service, per-device gettys, the user manager for each user (user@), etc. They can be set up in the same way as non-templated services, using systemctl enable etc., but many are dynamically instantiated by other services.
Some unit names contain an
@sign (e.g.name@string.service): this means that they are instances of a template unit, whose actual file name does not contain thestringpart (e.g.name@.service).stringis called the instance identifier, and is similar to an argument that is passed to the template unit when called with the systemctl command: in the unit file it will substitute the%ispecifier. To be more accurate, before trying to instantiate thename@.suffixtemplate unit, systemd will actually look for a unit with the exactname@string.suffixfile name, although by convention such a "clash" happens rarely, i.e. most unit files containing an@sign are meant to be templates.