Ansible error : FAILED => SSH Error: Permission denied (publickey,password,keyboard-interactive) -

i'm learning use ansible, did following steps correctly :

<1> download <2> install <3> generated keys <4> copied 1 key node <5> checked ansible version 

now when : ansible -m ping webservers -vvvv

i got follow error :

<192.168.29.14> establish connection user: rclproject\fni <192.168.29.14> remote_module ping <192.168.29.14> exec ssh -c -tt -vvv -o controlmaster=auto -o controlpersist=60s -o controlpath="/home/fni/.ansible/cp/ansible-ssh-%h-%p-%r" -o kbdinteractiveauthentication=no -o preferredauthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o passwordauthentication=no -o connecttimeout=10 192.168.29.14 /bin/sh -c 'mkdir -p $home/.ansible/tmp/ansible-tmp-1436556339.1-60920993142459 && chmod a+rx $home/.ansible/tmp/ansible-tmp-1436556339.1-60920993142459 && echo $home/.ansible/tmp/ansible-tmp-1436556339.1-60920993142459' 192.168.29.14 | failed => ssh error: permission denied (publickey,password,keyboard-interactive).     while connecting 192.168.29.14:22 

my "/etc/ansible/ansible.cfg" looks :

# config file ansible -- http://ansible.com/ # ==============================================  # parameters can overridden in ansible-playbook  # or command line flags. ansible read ansible_config, # ansible.cfg in current working directory, .ansible.cfg in # home directory or /etc/ansible/ansible.cfg, whichever # finds first  [defaults]  # basic default values...  inventory      = /etc/ansible/hosts #library        = /usr/share/my_modules/ remote_tmp     = $home/.ansible/tmp pattern        = * forks          = 5 poll_interval  = 15 sudo_user      = root #ask_sudo_pass = true #ask_pass      = true transport      = smart #remote_port    = 22 module_lang    = c  # plays gather facts default, contain information # remote system. # # smart - gather default, don't regather if gathered # implicit - gather default, turn off gather_facts: false # explicit - not gather default, must gather_facts: true gathering = implicit  # additional paths search roles in, colon separated #roles_path    = /etc/ansible/roles  # uncomment disable ssh key host checking #host_key_checking = false  # change alternative sudo implementations sudo_exe = sudo  # flags pass sudo #sudo_flags = -h  # ssh timeout timeout = 10  # default user use playbooks if user not specified # (/usr/bin/ansible use current user default) #remote_user = root  # logging off default unless path defined # if defined, consider logrotate #log_path = /var/log/ansible.log  # default module name /usr/bin/ansible #module_name = command  # use shell commands executed under sudo # may need change bin/bash in rare instances # if sudo constrained #executable = /bin/sh  # if inventory variables overlap, higher precedence 1 win # or hash values merged together?  default 'replace' # can set 'merge'. #hash_behaviour = replace  # list jinja2 extensions enable here: #jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n  # if set, use private key file authentication, same  # if passing --private-key ansible or ansible-playbook #private_key_file = /path/to/file  # format of string {{ ansible_managed }} available within jinja2  # templates indicates users editing templates files replaced. # replacing {file}, {host} , {uid} , strftime codes proper values. ansible_managed = ansible managed: {file} modified on %y-%m-%d %h:%m:%s {uid} on {host}  # default, ansible-playbook display "skipping [host]" if determines task # should not run on host.  set "false" if don't want see these "skipping"  # messages. note: task header still shown regardless of whether or not  # task skipped. #display_skipped_hosts = true  # default (as of 1.3), ansible raise errors when attempting dereference  # jinja2 variables not set in templates or action lines. uncomment line # revert behavior pre-1.3. #error_on_undefined_vars = false  # default (as of 1.6), ansible may display warnings based on configuration of # system running ansible itself. may include warnings 3rd party packages or # other conditions should resolved if possible. # disable these warnings, set following value false: #system_warnings = true  # default (as of 1.4), ansible may display deprecation warnings language # features should no longer used , removed in future versions. # disable these warnings, set following value false: #deprecation_warnings = true  # (as of 1.8), ansible can optionally warn when usage of shell , # command module appear simplified using default ansible module # instead.  these warnings can silenced adjusting following # setting or adding warn=yes or warn=no end of command line  # parameter string.  example suggest using git module # instead of shelling out git command. # command_warnings = false   # set plugin path directories here, separate colons action_plugins     = /usr/share/ansible_plugins/action_plugins callback_plugins   = /usr/share/ansible_plugins/callback_plugins connection_plugins = /usr/share/ansible_plugins/connection_plugins lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins vars_plugins       = /usr/share/ansible_plugins/vars_plugins filter_plugins     = /usr/share/ansible_plugins/filter_plugins  # default callbacks not loaded /bin/ansible, enable if # want, example, notification or logging callback apply  # /bin/ansible runs #bin_ansible_callbacks = false   # don't cows?  that's unfortunate. # set 1 if don't want cowsay support or export ansible_nocows=1  #nocows = 1  # don't colors either? # set 1 if don't want colors, or export ansible_nocolor=1 #nocolor = 1  # ca certificate path used validating ssl certs. path  # should exist on controlling node, not target nodes # common locations: # rhel/centos: /etc/pki/tls/certs/ca-bundle.crt # fedora     : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem # ubuntu     : /usr/share/ca-certificates/cacert.org/cacert.org.crt #ca_file_path =   # http user-agent string use when fetching urls. web server # operators block default urllib user agent used # malicious attacks/scripts, set unique  # avoid issues. #http_user_agent = ansible-agent  # if set persistent type (not 'memory', example 'redis') fact values # previous runs in ansible stored.  may useful when # wanting use, example, ip information 1 group of servers # without having talk them in same playbook run # current ip information. fact_caching = memory   # retry files #retry_files_enabled = false #retry_files_save_path = ~/.ansible-retry  [privilege_escalation] #become=true #become_method='sudo' #become_user='root' #become_ask_pass=false  [paramiko_connection]  # uncomment line cause paramiko connection plugin not record new host # keys encountered.  increases performance on new host additions.  setting works independently of # host key checking setting above. #record_host_keys=false  # default, ansible requests pseudo-terminal commands executed under sudo. uncomment # line disable behaviour. #pty=false  [ssh_connection]  # ssh arguments use # leaving off controlpersist result in poor performance, use  # paramiko on older platforms rather removing #ssh_args = -o controlmaster=auto -o controlpersist=60s  # path use controlpath sockets. defaults # "%(directory)s/ansible-ssh-%%h-%%p-%%r", on systems # long hostnames or long path names (caused long user names or  # nested home directories) can exceed character limit on # file socket names (108 characters platforms). in case,  # may wish shorten string below. #  # example:  # control_path = %(directory)s/%%h-%%r #control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r  # enabling pipelining reduces number of ssh operations required  # execute module on remote server. can result in significant  # performance improvement when enabled, when using "sudo:" must  # first disable 'requiretty' in /etc/sudoers # # default, option disabled preserve compatibility # sudoers configurations have requiretty (the default on many distros). #  #pipelining = false  # if true, make ansible use scp if connection type ssh  # (default sftp) #scp_if_ssh = true  [accelerate] accelerate_port = 5099 accelerate_timeout = 30 accelerate_connect_timeout = 5.0  # daemon timeout measured in minutes. time measured # last activity accelerate daemon. accelerate_daemon_timeout = 30   # if set yes, accelerate_multi_key allow multiple # private keys uploaded it, though each user must # have access system via ssh add new key. default # "no". #accelerate_multi_key = yes  [selinux] # file systems require special treatment when dealing security context # default behaviour copies existing context or uses user default # needs changed use file system dependant context. #special_context_filesystems=nfs,vboxsf,fuse 

i've googled error couldn't find solution, i've setup winscp , firessh, , can connect , see files there, error mean can't handle keyboard-interactive password verification ? how turn on or off automatically ?

since i'm new, haven't changed above config file, issue ?

edit :

the hosts file :

[webservers] 192.168.29.14 

i found answer online : https://serverfault.com/questions/690644/what-does-localhost-failed-missing-become-password-mean-how-do-i-get-pas

it says : "the problem related sudo. in /etc/ansible/ansible.cfg there commented out setting called ask_sudo_pass needs uncommented out , set yes. alternatively can set group user belongs to able use sudo without password, that's security risk in opinion."